So that it can be disabled by subclassing.
… because it doesn't work with URLs that have query strings.
This uses a few new methods in oscar.core.application.Application which enable custom decorators to be set for given view fns. The main use case at the moment is to make it easy to ensure that checkout is not available to non-logged-in users when OSCAR_ALLOW_ANON_CHECKOUT is set to False.
Plus minor WS tidyup