To be honest I'm not sure this is the right way to do it.

The seralizers for Host, Note and Show require the request in the
context, but only the `APINoteViewSet` calls `get_serializer_context`.
The other two `APIHostViewSet` and `ShowSerializer` ingnore it, and the
request needs to be added manually.

- The user or username is no longer "injected" in the view sets
- The user and username are obtained in the serializers from requests

Wrong mix of timezone aware and timezone naive datetime objects

Close #116

Fixes #141

- add `includeVirtual` as GET parameter for `json_playout()`
- refactor `json_playout` to be cleaner

Closes: #120

- remove remaining usage of naive datetime objects
- refactor json_day_schedule and json_playout views
- remove unused methods in TimeslotManager

Only return the next repetition timeslot if there is one

Only return the next repetition timeslot if there is one

Fixes #131

The conflict responses should be send with an HTTP 409 status code as
they’re defined in our documentation. This was not the case as the
dashboard couldn’t handle these error codes, but is now fixed in
dashboard@4a07ad9e.

Until now the steering API client was expected to submit two requests.

1. The initial schedule request, with a `schedule` object
2. A second schedule request, with an additional `solutions` object

This `solutions` object was empty, if no conflicts arose from the
submitted schedule in the first place. But instead of just creating the
requested schedule if no conflicts were detected we still required that
second round-trip, introducing possible race conditions in the client,
if another successful scheduling request was made between requests.

From now on the steering API will create schedules if no conflicts have
been detected and will only require the client to submit solutions if
there really are conflicts to solve.

The following attribute names were marked as deprecated in the schedule
request and have been replaced by their new names:

  dstart → first_date
  until → last_date
  tstart → start_time
  tend → end_time
  byweekday → by_weekday

Apart from that this commit fixes a few documentation errors.

This adds extensive API documentation based on the official API
documentation [1] and conflict resolution [2] documents.

Where possible field documentation was added to models or serializers,
so that other code like auto-generated forms can also profit from these
changes (hence the migration part of this commit).

The changes introduce two new API endpoints.

`/api/v1/schema/` exposes the API schema as an OpenAPI 3.0.3 document.
The standard format is yaml but can be switched to JSON by appending the
`?format=json` query parameter.

`/api/v1/schema/swagger-ui/` renders a visual representation of the
OpenAPI 3 specification with support for testing the individual API
endpoints including authentication.

[1]
https://gitlab.servus.at/aura/meta/-/blob/ec3c753d34ccb0269969808ac7dc28fff2ff1648/docs/development/api-definition.md
[2]
https://gitlab.servus.at/aura/meta/-/blob/ec3c753d34ccb0269969808ac7dc28fff2ff1648/docs/development/conflict-resolution.md

Schedule dry-runs returned a 201 response before, because the only check
for a 201 return code was, that the payload must not contain the
"projected" keyword.

As dry-runs don’t create any data 201 is not an appropriate status code.

The retrieve and update actions can be removed because the get_queryset
method already ensures that the user has only access to their own user
object (or all user objects in case of superusers).

Sending 401 responses for unauthorized requests may also be considered
leaky, because it exposes that these objects exist instead of returning
a 404 that simply states that no object with that primary key can be
found.