
allow authentication by an external webserver

Open: vault opened this issue 8 years ago • 0 comments

This patch enables pyshop to use authentication provided by another webserver. This functionality would typically be used while running pyshop in Apache under mod_wsgi with some sort of single sign-on module providing auth.

Apache auth modules normally provide that information via the REMOTE_USER server variable, so this patch looks there by default, but the specific variable used can be controlled by setting pyshop.remote_user.login.

When using this mode pyshop will create users in the database if it hasn't encountered them before. For this to work pyshop must be told how to get an email address from the provided login. This patch permits appending a static domain to the login (configured via pyshop.remote_user.email_domain), or via reading another server variable that contains the full email address (set via pyshop.remote_user.email).

Authentication via this method is only permitted for the web interface. The interface used by pip and distutils is still limited to HTTP Basic auth. While pip can be made to work with the use-case I had this patch in mind for (client cert auth), distutils does not currently offer users support for anything other than basic auth. This makes uploading packages impossible under such a regime. This may still be possible, but it would mostly come down to the configuration of whatever is serving pyshop.

vault, Oct 07 '16 02:10
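The lookup the post describes, sketched as an added example; this is not the code from the patch. The setting names and the REMOTE_USER default are the ones given in the post. The function and exception names, the `SSO_MAIL` variable, the precedence of the email variable over the static domain, and the refusal of `HTTP_*` variables are assumptions made for illustration.

```python
# Added illustration, not pyshop's code. Function and exception names are
# hypothetical; the pyshop.remote_user.* setting names come from the post.

class RemoteUserError(Exception):
    """The front-end server did not supply a usable identity."""


def _server_var(environ, name):
    # WSGI exposes client request headers as HTTP_* keys, so a variable with
    # that prefix is client-controlled and is refused as an identity source.
    if name.upper().startswith("HTTP_"):
        raise RemoteUserError("%s is a client-supplied header" % name)
    value = environ.get(name)
    return value.strip() if isinstance(value, str) else ""


def resolve_remote_user(environ, settings):
    """Return (login, email) for the externally authenticated user."""
    login_var = settings.get("pyshop.remote_user.login", "REMOTE_USER")
    login = _server_var(environ, login_var)
    if not login:
        raise RemoteUserError("no login in %s" % login_var)

    email_var = settings.get("pyshop.remote_user.email")
    domain = settings.get("pyshop.remote_user.email_domain")
    if email_var:  # assumed precedence: explicit variable over static domain
        email = _server_var(environ, email_var)
    elif domain:
        email = "%s@%s" % (login, domain.lstrip("@"))
    else:
        raise RemoteUserError("no email source configured")

    # Sanity check before a user row is created from this value; a login
    # that already carries a realm ("alice@CORP") fails here when a static
    # domain is appended to it.
    local, _, host = email.partition("@")
    if not local or not host or "@" in host or any(c.isspace() for c in email):
        raise RemoteUserError("unusable email for %s" % login)
    return login, email


# Constructed sample environ, as a front-end server might present it.
SAMPLE_ENVIRON = {"REMOTE_USER": "alice", "SSO_MAIL": "alice@example.org",
                  "HTTP_REMOTE_USER": "mallory"}
```

When pyshop sits behind a reverse proxy rather than under mod_wsgi, the identity normally arrives as a request header, so the front end has to strip any client-sent copy of that header before setting its own.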