Plone.restapi

------------------

New Features:

- Introduce dedicated permission required to use REST API at all
(assigned to everybody by default).
[lgraf]

Bugfixes:

- When token expires, PAS plugin should return an empty credential.
[ebrehault]

------------------

Bugfixes:

- Remove plone.api dependency from users service. This fixes
https://github.com/plone/plone.restapi/issues/145.
[timo]

------------------

New Features:

- Make POST request return the serialized object.
[timo]

- Include 'id' attribute in responses.
[timo]

------------------

New Features:

- Add users endpoint.
[timo]

Bugfixes:

- Fix bug where disabling the "Use Keyring" flag wasn't persisted in jwt_auth plugin.
[lgraf]

------------------

New Features:

- Implements navigation and breadcrumbs components
[ebrehault]

- Add `widget` and support for RichText field in types component.
[ebrehault]

- Add fieldsets in types
[ebrehault]

Bugfixes:

- Disable automatic CSRF protection for login and login-renew endpoints:
If persisting tokens server-side is enabled, those requests need to be allowed to cause DB writes.
[lgraf]

- Documentation: Fixed parameter 'data' to JSON format in JWT Authentication
documentation
[lccruz]

- Tests: Fail tests on uncommitted changes to docs/source/_json/
[lgraf]

- Tests: Use `freezegun` to freeze hard to control timestamps in response
dumps used for documentation.
[lgraf]

- Tests: Limit available languages to a small set to avoid excessive language
lists in response dumps used for documentation.
[lgraf]

------------------

- Initial release.
[timo,buchi,lukasgraf,et al.]