
Commit 1593923

kdmccormick and feanil authored
refactor: Clean up lms/envs/production.py cruft (#36115)
This is a pure refactoring of lms/envs/production.py, removing several redundant statements that have accrued over the years as the platform moved from python-only, to python+json, to python+json+yaml, to today's python+yaml setup.

Notes on some of the more involved refactorings:

* AWS Locals Load block is handled by the YAML loading at the very top, we don't need to re-load it since there were no changes to those settings between the YAML loading at the top and this section.
* MKTG_URL_OVERRIDES, we drop doing any overrides and remove it from the merge list because the default value in lms/envs/common.py is empty. So the update is a no-op and is the same as just loading this data directly from the YAML config.
* CODE_JAIL block, we've been overriding the entire dict if it is in your YAML config, so then going through and updating the individual values is not necessary.
* SSL_AUTH_EMAIL_DOMAIN and SSL_AUTH_DN_FORMAT_STRING are not used anywhere in the openedx org, looks like they were used by the old `dashboard` djangoapp and can probably be deleted but might be used by plugins so not removing for now to keep the change backward compatible.
* DEFAULT_FILE_STORAGE, previously two of the branches were no-ops so we only keep the one branch we need for when we want to update DEFAULT_FILE_STORAGE automatically if AWS keys are set.

Somewhat related to: openedx/openedx-proposals#587

Co-Authored-By: Feanil Patel <feanil@axim.org>
1 parent e930bc6 commit 1593923

2 files changed

+225
-678
lines changed

lms/envs/common.py

Lines changed: 27 additions & 1 deletion
@@ -3392,9 +3392,35 @@ def _make_locale_paths(settings): # pylint: disable=missing-function-docstring
33923392
CSRF_COOKIE_SECURE = False
33933393
CSRF_TRUSTED_ORIGINS = []
33943394
CSRF_TRUSTED_ORIGINS_WITH_SCHEME = []
3395-
CROSS_DOMAIN_CSRF_COOKIE_DOMAIN = ''
3395+
3396+
# If setting a cross-domain cookie, it's really important to choose
3397+
# a name for the cookie that is DIFFERENT than the cookies used
3398+
# by each subdomain. For example, suppose the applications
3399+
# at these subdomains are configured to use the following cookie names:
3400+
#
3401+
# 1) foo.example.com --> "csrftoken"
3402+
# 2) baz.example.com --> "csrftoken"
3403+
# 3) bar.example.com --> "csrftoken"
3404+
#
3405+
# For the cross-domain version of the CSRF cookie, you need to choose
3406+
# a name DIFFERENT than "csrftoken"; otherwise, the new token configured
3407+
# for ".example.com" could conflict with the other cookies,
3408+
# non-deterministically causing 403 responses.
33963409
CROSS_DOMAIN_CSRF_COOKIE_NAME = ''
33973410

3411+
# When setting the domain for the "cross-domain" version of the CSRF
3412+
# cookie, you should choose something like: ".example.com"
3413+
# (note the leading dot), where both the referer and the host
3414+
# are subdomains of "example.com".
3415+
#
3416+
# Browser security rules require that
3417+
# the cookie domain matches the domain of the server; otherwise
3418+
# the cookie won't get set. And once the cookie gets set, the client
3419+
# needs to be on a domain that matches the cookie domain, otherwise
3420+
# the client won't be able to read the cookie.
3421+
CROSS_DOMAIN_CSRF_COOKIE_DOMAIN = ''
3422+
3423+
33983424
######################### Django Rest Framework ########################
33993425

34003426
REST_FRAMEWORK = {
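Review bot: The new comments above CROSS_DOMAIN_CSRF_COOKIE_NAME and CROSS_DOMAIN_CSRF_COOKIE_DOMAIN describe two constraints that nothing in this hunk enforces: the cross-domain cookie name must differ from the per-subdomain cookie name, and the domain must be a parent domain (".example.com"). Since the comment itself warns that a clashing name causes non-deterministic 403 responses, consider adding a startup check (a Django system check would fit) that fails when CROSS_DOMAIN_CSRF_COOKIE_DOMAIN is non-empty and CROSS_DOMAIN_CSRF_COOKIE_NAME is empty or equal to CSRF_COOKIE_NAME, rather than leaving the rule as prose only. Two wording points in the same comments: the example hard-codes "csrftoken", but the per-subdomain name is whatever CSRF_COOKIE_NAME is set to, so "must differ from CSRF_COOKIE_NAME" is the accurate statement; and "the cookie domain matches the domain of the server" would be more precise as "the server's host must be the cookie domain or a subdomain of it", which is the rule the surrounding sentences are describing. It would also help to say what the empty-string defaults mean for both settings, since the block documents how to choose values but not what happens when they are left as ''.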
