refs #2146 - ensures redirect does not break on api requests too

fixes #2146 - prevent double render

fixes #2151 - use DN environment variable instead of CN

nginx is unable to pass bits of the X.509 subject, only the entire DN, so
support that as a lowest common denominator.

refs #2069 - enable auth by default

Without authentication, sensitive information and power is available to all,
so improve security out of the box.

fixes #2121, #2069 - restrict importers and ENC to puppetmasters and users

CVE-2013-0171: report and fact importers parse YAML directly from the remote
host without authentication. Untrusted YAML can instantiate objects and be
used to exploit Foreman.

CVE-2013-0174: external nodes (ENC) output is available to any source and...

added API v2 placeholders.

fixes #2109 - improve session token security

- adds security:generate token rake task to create static token
- generate and cache a token on startup if static token isn't present

Thanks to Sandor Szücs <sandor.szuecs@fu-berlin.de>

fixes #2097 - improve debug when `puppet master --configprint` fails

fixes #2073 - undefined method `update!'

fixes #1947 - wrong notice pressing the power on/off button for vmware hosts

• now using the real state from the server
• also made sure that we validate power on/off requests
• ensured our fog server objects respond to to_s and to state