In addition to the

	?foo=1,2,3

filter syntax we now also support

	?foo=1&foo=2&foo=3
	?foo[]=1&foo[]=2&foo[]=3

Schedule dry-runs returned a 201 response before, because the only check
for a 201 return code was, that the payload must not contain the
"projected" keyword.

As dry-runs don’t create any data 201 is not an appropriate status code.

The filter defaults caused the queryset to always yield results filtered
for the coming 60 days. We should only apply filter defaults when
listing timeslots, not when querying individual items.

The retrieve and update actions can be removed because the get_queryset
method already ensures that the user has only access to their own user
object (or all user objects in case of superusers).

Sending 401 responses for unauthorized requests may also be considered
leaky, because it exposes that these objects exist instead of returning
a 404 that simply states that no object with that primary key can be
found.

Simply omitting properties in the API in certain edge cases makes API
client implementations brittle and documentation a lot harder.

This gives the calling code better control over the handling of such
errors and makes it easy to differentiate between errors and valid
return types.

This change allows clients to identify specific errors by an optional
code provided as part of any APIException instances raised in our code.

This code:

```py
raise ValidationError(
    "Please provide a correct date and time",
    code="time-invalid",
)
```

now returns an error object via the API with a message and a code
property making error processing on the client side easy for both humans
and machines and looks like this:

```json
{
    "message": "Please provide a correct date and time",
    "code": "time-invalid"
}
```

Most of the queryset filtering for subroutes formerly implemented
through custom get_queryset methods can happen semi-automated through a
mixin, making the behaviour re-usable and allowing us strip a lot of
additional logic for retrieving objects.

The use of the viewset get_object method also allows us to implement
object access with permission classes in the future, and should make a
whole lot of other code obselete.

This change is primarily motivated by the fact that documentation of the
API will become a lot easier if the subroutes don’t impose arbitrary
restrictions on the specific subpath under which an operation is
allowed. For instance updating a schedule should be possible through
either /schedules/<pk>/ or
/shows/<show_pk>/schedules/<schedule_pk>/ as long as all the necessary
data is present in the request body.

The show retrieve method allowed shows to be identified through the slug
or the id. This is handy, but was restricted to the retrieve and did not
apply to the update nor delete methods. The proper way to implement this
kind of behaviour is through overriding get_object so that route
identifiers are handled consistently.

cba_id was always part of the serialized note representation through the
use of `fields = "__all__"``and shouldn’t be write-only.

refactor collection filters with django_filters

See merge request !20

This change re-implements all existing collection filters for the
APINoteViewSet with a FilterSet. No breaking changes are expected.

* TODOs are no longer part of the method description
* normalized queryset handling
* consistent formatting of method descriptions.

If notes are created through subroutes some of the data necessary to
create a note is already available through the route data and doesn’t
need to be passed as part of the request body anymore.

Notes will only be created if called through a timeslot subroute. The
typo prohibited the note creation, because timeslot_pk was always None
and caused the view to error early.

This adds a string representation for all program models except the
schedule so that it is easier to identify objects in DRF’s filter,
create, and update forms.

There were some problems during audio_url generation for notes:

1. the cba_id was never part of the Note serializer so getting
   values from the validated data needed to fail.
2. the get_audio_url utililty function returned None if
   no cba_id was provided if a the CBA_API_KEY was missing,
   but None but the respective model field is not nullable on the note.
3. Request or JSON decoder errors would bubble unhandled, even though
   audio_url generation seems to be optional and should not necessarily
   interfere with note creation.

APICategoryViewSet, APITypeViewSet, APITopicViewSet,
APIMusicFocusViewSet, APIFundingCategoryViewSet, APILanguageViewSet, and
APIHostViewSet all used the same base class implementing get_queryset
for filtering by their active state. This is now handled by a generic
FilterSet.

* normalized queryset handling
* consistent formatting of method descriptions.

There is no point in advertising the methods by inheriting from
the default CRUD viewset, if we don’t actually intend to implement them.

This change re-implements all existing collection filters for the
APITimeSlotViewSet with a FilterSet. No breaking changes are expected,
though there are some changes in semantics:

* The start and end query parameters no longer need to be specified
  together. If users only want to modify the start or end date they
  can now do that.
  If start is specified and end is not, end will be start + 60 days.
* If end was not set it would default to start + 60 days at 00:00.
  This is now fixed and end will be start + 60 days at 23:59:59.
* end now uses time.max, which selects the latest possible time on
  the specified date.
* The surrounding-filter now accepts a datetime value and will be set
  to the current time if only the query parameter but no value
  has been set.
* All filters are now applied in series. This wasn’t the case for
  every filter, e.g. the surrounding-filter would return early.

This change re-implements all existing collection filters for the
APIShowViewSet with a FilterSet. No breaking changes are expected,
though there are some changes in semantics:

* The owner, host, musicfocus, language, category, and topic
  filters now accept multiple values (i.e. ?category=2,3)
* The owner, host, musicfocus, language, category, topic, and type
  filter values are now validated and may be rejected as invalid if
  the referenced object does not exist.

django_filters will help us implement better filters for collections
with automatic integration for API documentation.

- Reorder the code inside the methods to fail fast on autorization,
- Replace `int_or_none` with a more generic solution, and move to utils,
- Add `get_values` and move `pk_and_slug` as `get_pk_and_slug` into utils,
- Replace calls to static methos in models local queries,
- Return meaningful status code while creating and updating resources,
- Return `409` when creating or updating a schedule produces a conflict.