root: fix system check warnings

[BeryJu]

Details

• Move django check command to migrate script so we can use the config loader to set --deploy correctly based on debug setting
• Disable some warnings which are caused by us using custom session and csrf middleware subclasses
• Disable some warnings which are handled by the reverse proxy (either external or go) (HSTS, https redirect)

---

Checklist

• Local tests pass (ak test authentik/)
• The code has been formatted (make lint-fix)

If an API change has been made

• The API schema has been updated (make gen-build)

If changes to the frontend have been made

• The code has been formatted (make web)
• The translation files have been updated (make i18n-extract)

If applicable

• The documentation has been updated
• The documentation has been formatted (make website)

[netlify]

✅ Deploy Preview for authentik-storybook ready!

Name	Link
🔨 Latest commit	473719b
🔍 Latest deploy log	https://app.netlify.com/sites/authentik-storybook/deploys/65b0ed68b29af60008294835
😎 Deploy Preview	https://deploy-preview-8277--authentik-storybook.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[netlify]

✅ Deploy Preview for authentik ready!

Name	Link
🔨 Latest commit	7b4821a
🔍 Latest deploy log	https://app.netlify.com/sites/authentik/deploys/65b01d4c05d2ac000855b421
😎 Deploy Preview	https://deploy-preview-8277--authentik.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (a62cca3) 92.32% compared to head (473719b) 51.59%.
Report is 9 commits behind head on main.

Additional details and impacted files

@@             Coverage Diff             @@
##             main    #8277       +/-   ##
===========================================
- Coverage   92.32%   51.59%   -40.73%     
===========================================
  Files         625      626        +1     
  Lines       30832    30917       +85     
===========================================
- Hits        28465    15951    -12514     
- Misses       2367    14966    +12599     

Flag	Coverage Δ
e2e	50.01% <100.00%> (-0.54%)	⬇️
integration	26.16% <100.00%> (-0.07%)	⬇️
unit	?

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[github-actions]

authentik PR Installation instructions

Instructions for docker-compose

Add the following block to your .env file:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-root-fix-warnings-1706040656-9d1dbe4
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

For arm64, use these values:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-root-fix-warnings-1706040656-9d1dbe4-arm64
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

Afterwards, run the upgrade commands from the latest release notes.

Instructions for Kubernetes

Add the following block to your values.yml file:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
image:
    repository: ghcr.io/goauthentik/dev-server
    tag: gh-root-fix-warnings-1706040656-9d1dbe4

For arm64, use these values:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
image:
    repository: ghcr.io/goauthentik/dev-server
    tag: gh-root-fix-warnings-1706040656-9d1dbe4-arm64

Afterwards, run the upgrade commands from the latest release notes.