Assorted improvements & fixes

[Oaphi]

This PR includes a bunch more fixes and improvements across the project:

1. Fixes remember_me_token cookie not being generated for 2FA users because we have a custom override for TOTP;
2. Lightens the posts/_expanded partial by moving notices to dedicated partials (also fixes botched HTML markup as a side effect and links to abilities in notices where applicable);
3. Fixes runtime error on the create tag page and as a consequence - ability to upload images for tag wikis (we forgot to actually render the modal);
4. Fixes post titles leaking to the "Related posts" sidebar widgets for users that should not be able to see them (sanity check in prod: our recent changes meta post should stop linking to questions and voting post for normal users);
5. Cleans up error reporting page a little (small spacing and padding adjustments + we no longer render empty tracebacks);
6. thread_content action now ensures Rails sets Last-Modified header based on the thread's latest activity timestamp (needed to fix our overzealous caching);
7. /users/me requests now include a Cache-Control: no cache directive (part of work on solving caching issues);

I don't have time to spare to do 6 and 7 for every affected resource right now, but it should at least be a step forward.

[codecov]

Codecov Report

❌ Patch coverage is 81.81818% with 4 lines in your changes missing coverage. Please review.
✅ Project coverage is 76.81%. Comparing base (7b952d7) to head (8710a2d).
⚠️ Report is 29 commits behind head on develop.

Files with missing lines	Patch %	Lines
app/controllers/users/sessions_controller.rb	60.00%	4 Missing ⚠️

Additional details and impacted files

Components	Coverage Δ
controllers	71.55% <63.63%> (+0.08%)	⬆️
helpers	82.01% <100.00%> (+0.05%)	⬆️
jobs	60.00% <ø> (ø)
models	89.02% <100.00%> (+0.05%)	⬆️
tasks	61.11% <ø> (ø)

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[Oaphi]

Note for reviewers: test coverage of sessions_controller is sufficient for the changes, it's just that it's mostly been uncovered before the change.

[cellio]

LGTM. Nice reworking of expanded posts! Wow, we sure were loading a lot of extra stuff -- pulling that in only when actually needed is a big win, and also makes that code easier to work with.

[trichoplax]

I don't have time to spare to do 6 and 7 for every affected resource right now

For things like this, where future work is needed, are they mentioned in existing issues or would it be worth adding issues for them? I suspect they will probably be done by you, and you already have them in your head, but would we know what needed to be done if we lost you / your time for any reason?

More optimistically, might it allow others to pick up some of it to share the work?

[Oaphi]

For things like this, where future work is needed, are they mentioned in existing issues or would it be worth adding issues for them?

Nope, no existing ones that I am aware of - 6 & 7 all come as a result of investigating root causes for our recent instability issues. That said, it won't hurt to have a tracking issue with detailed info on the findings for other contributors - I'll likely get to it soon-ish (feel free to take over that part too if you'd like - I don't mind having less stuff to do deal with, of course 😅).

More optimistically, might it allow others to pick up some of it to share the work?

For sure, no intention to become a one-man army - I am quite stretched as it is

[trichoplax]

That said, it won't hurt to have a tracking issue with detailed info on the findings for other contributors - I'll likely get to it soon-ish (feel free to take over that part too if you'd like)

I'm generally very happy to add issues to avoid things being forgotten, but for 6 and 7 I'm out of my depth and wouldn't know what to raise. I'm guessing it would be quicker for you to raise them than to explain to me what needs raising.

For now I've raised an empty shell of an issue that links back here #1828