Fixes #11579 - Reports show/destroy restricted by host authorization (CVE-2015-5233)

ReportsController 'show' and 'destroy' now perform a check to see if
the User is authorized to see the Host associated with the Report. In
case it's not, it returns 404, as to not give hints whether a Report...

fixes #10482 - get external user group members only once during refresh

(cherry picked from commit 0fd7412faaa76787bf15ed1901ffc9eb4d6353fa)

Fixes #10123 - Tests API v2 external user groups

The addition of a .refresh call after create, update and delete, caused
our tests to fail because of many failed calls to LDAP.
We can just expect the method to return true as we're not testing the
refresh functionality in these methods....

Fixes #8812 - Pass model type so search_for is called on Host

At least on version 1.6.1, the absence of this second parameter leads to a
runtime crash when it's time to validate if the current user (non-admin) is
allowed to perform a power operation on given a host via the APIv2....

Fixes #10002 - Add attribute ancestry to taxonomies API v2

(cherry picked from commit 1f47202ce4e70fd036437f1d81646b6b811bf02d)

Fixes #7378 - fixed API lookup keys filters

(cherry picked from commit bc68c48da5b718084c3e531e61e48124e8e00d36)

Fixes #9657 - merge NICs from compute profile in host create API

- updated api docs for hosts and interfaces
- host create/update api actions now merge interfaces from compute
profiles
- NIC type mapping extracted into a separate class
- return full host detail after host update...

Fixes #9678 - Can't update admin flag for users via API

find_resource needs to be defined prior to UsersMixin is included as it
requires the variable @user being set.

(cherry picked from commit 1b1b39861e485523b0cc0c6435fef30c38df7e07)

Refs #3809 - Remove classcheck cop

Refs #3809 - Remove various small cops