fixes #2121, #2069 - restrict importers and ENC to puppetmasters and users

CVE-2013-0171: report and fact importers parse YAML directly from the remote
host without authentication. Untrusted YAML can instantiate objects and be
used to exploit Foreman.

CVE-2013-0174: external nodes (ENC) output is available to any source and...

fixes #2109 - improve session token security

- adds security:generate token rake task to create static token
- generate and cache a token on startup if static token isn't present

Thanks to Sandor Szücs <sandor.szuecs@fu-berlin.de>

fixes #2017 added patch from ticket

fixes #1944 - Listing VMWare virtual machines under Computer resources is slow.

fixes #1814 - converts sp_* attributes into a BMC interface class

this patch also includes the following

• added a new interfaces table, and STI objects to represent a NIC, BMC, Managed
  and a bootable interface.
• refactored DHCP/DNS orchestation code, so they can work on the...

refs #1991 - Cache not cleared prevent location / org feature to show up

1. ensures settings cache is removed when app starts
we can't remove all cache, with Rails.cache.clear as that might lead to issues
with people using memcache with multiple foreman instances (e.g. we can clear...

renamed to thread_session.rb

fixes #2061 - test if oVirt API has HTTPS redirect

rest_client will refuse to follow redirects on POST requests, so the URL must
be entered as HTTPS. Don't require HTTPS as dev environments may be HTTP-only.

fixes #2062 - Add max_trends setting

added slash /unattended to other url_for calls