Webapp privacy fixes
This fixes two issues:
-
webapp lists should never display apps not visible by the current user (obviously!)
TagWebappList did not implement such a filter. I added the
query_webapps_for_user()helper and use it for TagWebappList, TagList and WebappList (the list returned by this function is the superset of webapps that these views are allowed to display) -
private webapps should not be indexable by search engines. This change returns a 404 if the webapp is private and if a crawler is detected in the User-Agent header (using the robot_detection package)