Add basic auth to the generic webhook API.

[ericholscher]

Fix a bug we've had where:

• The WebhookView is doing Basic Auth on the user, and then setting it properly on the request
• The APIWebhookView then is doing Session Auth, and doing CSRF checks on it, because that requst has a valid user

A fix is to remove all the auth methods from the "parent" view,
which this PR does.

• Replaces CSRF exempt for WebhookView when authenticate via user/pass #5009
• Fixes csrf required for triggering build via http auth authenticated webhook #4986

[davidfischer]

I think this is a decent workaround to the problem.

Overall, I do believe that a view calling other views is an anti-pattern. We should probably separate the logic out of the view (into non-view functions and classes) and have different views call these broken out bits.

[ericholscher]

Yea, it feels like other bugs are lurking in this approach, given that we're 2x processing the request, but this at least fixes the current situation.