deprecate most config attributes

[davidism]

The Flask app object has some "config attributes", properties that are shortcuts to getting/setting certain app.config keys. There doesn't seem to be much consistency to which keys are exposed as attributes, and most of them don't seem useful as attributes.

• debug, testing, and secret_key These should stay for now, they are shortcuts for common enough situations.
• session_cookie_name It's not clear why this is an attribute. None of the other session cookie options are exposed as attributes, and it seems much more common to want to change those.
• permanent_session_lifetime I think this is an attribute only so that it doesn't have to be converted from int to timedelta in two places. However, just like the name, this doesn't seem like something that belongs as an attribute more than the other options.
• send_file_max_age_default Again this does a conversion from int to timedelta. But it's only used in one place, get_send_file_max_age.
• use_x_sendfile This only works when behind a correctly configured Apache server, not any other server setup. It's not clear why this should be an attribute, it's a very niche case.
• env This is going away with deprecate FLASK_ENV #4714
• propagate_exceptions is only used in handle_exception, and is a very internal behavior. This property can't be set, but it does have some logic to fall back to testing or debug.
• templates_auto_reload I added this as part of making setting debug reset the property on the Jinja env. However, setting this property itself doesn't do that. There's no particular reason to expose this as an attribute.

[davidism]

permanent_session_lifetime is a helper for custom session interfaces to not need to do the int/timedelta conversion, so I'll leave that.