Foolbox

Fixed assertions that prevented custom preprocessing functions from changing the shape of the input (see 187).

New Features

* added the `EvoluationaryStrategiesGradientEstimator` as an alternative to the `CoordinateWiseGradientEstimator` introduced in 1.3.0 (thanks to lukas-schott)

Highlights
* added support for arbitrary preprocessing functions with custom gradients (e.g. input binarization with a straight-through approximation in the backward pass)
* added the `ModelWithEstimatedGradients` model wrapper to replace a model's gradients with gradients estimated by an arbitrary gradient estimator
* added the `CoordinateWiseGradientEstimator` and an easy template to implement custom gradient estimators
* added the `BinarizationRefinementAttack` that uses information about a model's input binarization to refine adversarials found by other attacks
* added the `ConfidentMisclassification` criterion

Other improvements
* added a `binarize` function in in utils to provide a consistent way to specify input binarization as part of the preprocessing
* added `batch_crossentropy` in utils
* added preprocessing support to LasagneModel
* renamed the `GradientLess` model wrapper to `ModelWithoutGradients`
* bug fixes
* improved documentation and fixed typos

Highlights
* [Basic Iterative Method](https://foolbox.readthedocs.io/en/latest/modules/attacks/gradient.html#foolbox.attacks.BasicIterativeMethod) reimplemented (Linfinity, L1, L2)
* recommended instead of IterativeGradientAttack and IterativeGradientSignAttack
* [Projected Gradient Descent](https://foolbox.readthedocs.io/en/latest/modules/attacks/gradient.html#foolbox.attacks.ProjectedGradientDescent) attack (with and without random start)
* [Momentum Iterative Method](https://foolbox.readthedocs.io/en/latest/modules/attacks/gradient.html#foolbox.attacks.MomentumIterativeMethod)
* full PyTorch 0.4.0 support (thanks cjsg)
* new MXNetGluonModel wrapper for [Gluon models](https://gluon.mxnet.io) (thanks meissnereric)

Other improvements
* official PyTorch example in the docs
* bug fixes
* updated tests to use newer versions of the different frameworks
* improved documentation and fixed typos

* added the PointwiseAttack (supersedes the ResetAttack)
* attacks now provide the full function signature of their `__call__` method as well as parameter documentation
* added additional checks for correctness of the returned adversarials even when attacks misbehave
* replaced the randomstate package with the randomgen package
* bug fixes and improvements

Improved the documentation and the availability of useful function signatures. Attack parameters are now be fully documented, like everything else, and this documentation is directly accessible within Jupyter / IPython and IDEs.