Fixes #11579 - Reports show/destroy restricted by host authorization (CVE-2015-5233)

ReportsController 'show' and 'destroy' now perform a check to see if
the User is authorized to see the Host associated with the Report. In
case it's not, it returns 404, as to not give hints whether a Report...

Fixes #10715 - api build_pxe_default returns non-JSON message

The fix adds a new method `render_message` for responding with a status
text.

Refs #3809 - Remove cops for empty lines

fixes #8484 - make SmartProxyAuth concern more useful to plugins

fixes #3492 - API v2 nested routes for each controller

fixes #4386 - gem friendly_id to simplify find by id, name, label, etc

Fixes #5088 - adding location_ids and organizations_ids to apidocs of taxable resources

Fixes #7261 - API v2 - mark wrapped params hash for POST/PUT as required instead of optional

Refs #4478 - API doc strings marked for translation

fixes #812 - new permissions model, user group role and nest support, role filters for better granularity

• Daniel Lobato <elobatocs@gmail.com>
• Joseph Magen <jmagen@redhat.com>
• Tom McKay <thomasmckay@redhat.com>
• Greg Sutcliffe <gsutclif@redhat.com>...

fixes #3925 - create apipie param_groups for API v2 to DRY documentation

fixes #3760 - API v2 define metadata @total for each controller

fixed #3905 - wrong route in apidoc for reports delete (API v2)

fixes #3017 - split APIv2 controllers from v1 parents

fixes #1830 - auto assign puppet proxy if its not defined upon facts/reports event

fixes #3207 avoid extra validation calls when importing a report

Fixes #2414 - Move puppet report processing code to the report processor

This creates a API route for POST:/api/reports which matches the GET
format for reports. Tests are updated, with the report model tests
moving to the puppet-foreman module (along with the report fixtures).