v0.24.0-alpha.0

• Update to curveball 0.21
• Refactored the privilege system to make internally easier to use. There should be no end-user effects to this.
• Added a system group principal , which allows admins to set privileges for every user in the system.
• Fix Sqlite startup warning.
• The /group/x/members collection and associated operations and links have been removed. This endpoint had been marked deprecated in version 0.19 in May 2021 and is now finally removed. If you still depended on this endpoint, all the related information can be found on the /group/x endpoint. This endpoint also has operations for modifying the members list.
• By default this server will no longer allow new users and apps to see the full list of other users, groups and apps. Any applications relying on this behavior need to give the relevant users the a12n:principals:list privilege. To get the old behavior, simply add this privilege to the new $all group.
• When a user goes from login to registration, the "continue" link will be remembered.
• The 'password' flow now also tracks apps that are granted access to user accounts
• When using the Redis session backend, CSRF tokens would not get stored correctly, causing some browser operations to fail.
• a12n-server will now report a better process name in linux process lists.
• The server now picks up the CURVEBALL_ORIGIN environment variable.