Currently the branch protection is set on specific workflows which needs
to be run every time a PR is created (or a push).

Because it isn't possible to tell the branch protection only to do it's
job if specific files are touched or not, we just need to make sure
these jobs are always started.

Also, because we now check the builds for an MSRV, and the title would
change all the time, that would cause the branch protection to be
updated everytime the MSRV would change. This is now also addressed by
naming that job 'msrv' instead of the version number.

 Rename/Fix revoke/restore endpoints

Fix issue 2737, unable to create org

In web-vault v2022.9.x it seems the endpoints changed.
 - activate > restore
 - deactivate > revoke

This PR adds those endpoints and renames the functions.
It also keeps the previous endpoints for now to be compatible with
previous vault verions for now, just in case.

There was a small oversight on upgrading to v2022.9.0 web-vault version.
It seems the call to the /plans/ endpoint doesn't provide authentication anymore.

Removed this check and it seems to work again.

Fixes #2737

Merge branch 'web-vault-v2022.9-support' of https://github.com/BlackDex/vaultwarden into BlackDex-web-vault-v2022.9-support

- The new web-vault version supports fastmail.com anon email, add the
  correct api host to support it.
- Removed Firefox Relay, this seems only to be supported on SaaS.
- Added a function to the two-factor api to prevent 404 errors.

Previously FlashMessage was used to provide an error message during login.
This PR changes that flow to not use redirect for this, but renders the HTML and responds using the correct status code where needed. This should solve some issues which were reported in the past.

Thanks to @RealOrangeOne, for initiating this with a PR.

Fixes #2448
Fixes #2712
Closes #2715

Co-authored-by: Jake Howard <git@theorangeone.net>

Merge branch 'org-user-revoke-access' of https://github.com/BlackDex/vaultwarden into BlackDex-org-user-revoke-access

This PR adds a the new v2022.8.x revoke feature which allows an
organization owner or admin to revoke access for one or more users.

This PR also fixes several permissions and policy checks which were faulty.

- Modified some functions to use DB Count features instead of iter/count aftwards.
- Rearanged some if statements (faster matching or just one if instead of nested if's)
- Added and fixed several policy checks where needed
- Some small updates on some response models
- Made some functions require an enum instead of an i32

Added noopener to prevent tabnabbing

The link to the backup documentation was opened in the active tab.
With this change it will open in a new tab and prevent tabnabbing

Fix uploads from mobile clients (and dep updates)

This patch fixes the file upload send by the mobile clients.
It resolves #2644 by always providing a `Content-Type` even though one
isn't set in this specific case.

I do hope it will be fixed upstream by either Bitwarden by fixing the
client. Or Rocket by allowing to override this somehow.

Until then, we can use this patched version of multer-rs.

Issue @ Rocket: https://github.com/SergioBenitez/Rocket/issues/2299
Issue @ Bitwarden: https://github.com/bitwarden/mobile/issues/2018

Also updated some dependencies.

The latest version of chrono-tz needs 1.60.0 because of phf.
Since chrono-tz has updated timezone information i do think it is
usefull in some cases around the world.

- Updated deps
- Updated Alpine images to 3.16
- Removed dumb-init, not needed anymore
- Some small shellcheck tweaks on the start/healthcheck scripts

Mitigate attachment/send upload issues

This PR attends to mitigate (not fix) #2644.
There seems to be an issue when uploading files either as attachment or
via send via the mobile (Android) client.

The binary data gets transfered correctly to Vaultwarden (Checked via
Wireshark), but the data is not parsed correctly for some reason.

Since the parsing is not done by Vaultwarden it self, i think we should
at least try to prevent saving the data and letting users think all
fine.

Further investigation is needed to actually fix this issue.
This is just a quick patch.

Merge branch 'update-github-actions' of https://github.com/BlackDex/vaultwarden into BlackDex-update-github-actions

The previous persistent folder check worked by checking if a file
exists. If you used a bind-mount, then this file is not there. But when
using a docker/podman volume those files are copied, and caused the
container to not start.

This change checks the `/proc/self/mountinfo` for a specific patern to
see if the data folder is persistent or not.

Fixes #2622

Because we want to support MSRV, we also need to run a CI for this.
This PR adds checks for the MSRV and rust-toolchain defined versions.

It will also run all cargo test, clippy and fmt checks no matter the outcome of the previous job.
This will help when there are multiple issues, like clippy errors and formatting.
Previously it would show only the first failed check and stopped.

It will also output a nice step summary with some details on which checks have failed.
Or it will output a success message.

Fix issue with CSP and icon redirects

When using anything else but the `internal` icon service it would
trigger an CSP block because the redirects were not allowed.

This PR fixes #2623 by dynamically adding the needed CSP strings.
This should also work with custom services.

For Google i needed to add an extra check because that does a redirect
it self to there gstatic.com domain.