Some legacy identifiers remain very persistently.

Additionally, remove obsolete VisitedRoom repository and renamed
VisitedRoom references to RoomHistory.

Additionally, remove obsolete MotdListRepository.

Implemented migration of settings.

Implemented a customized WithMockUser and
WithMockUserSecurityContextFactory to mock an Authentication with User
and UserProfile.

Improve architecture to better fit in with Spring Security:
* Create an unauthenticated token first and pass it to an
  AuthenticationProvider.
* Let Spring Security handle everything else.

Correctly wire up UserService and set the stored, encrypted password so
it is available for comparison.

* AuthenticationProvider-agnostic User object allows access to common
  user attributes: userId, loginId, authProvider, etc.
* Auto-create UserProfiles for external accounts
* Use userId (instead of loginId) for permission checks
* Use custom implementation for Pac4j integration
  (remove org.pac4j.spring-security-pac4j)
* Move authentication logic from controller to service layer
* Remove user room role handling
* Rename targetDomainType 'session' to 'room'

PathApiVersionContentNegotiationStrategy selects the media type based on
request path. It allows to set the correct media type for old clients
which do not set the 'Accept' header.

The new class CouchDbInitializer is using CouchDbConnector as a
dependency instead of inheriting from it. This way, circular
dependencies can be avoided.

Classes can register reasons for maintenance. While at least one reason
is set, all requests are blocked and responded to with a 503 status
code.

Jackson cannot instantiate non-static inner classes for deserialization.

Use `authProvider` + `loginId` instead of `username`.

Since VisitedRoom does not extend Entity, @JsonProperty has to be set
explicitly for id.