Convert QuerySet to list before pickling for matching hmac

[felix-engelmann]

The QuerySet of django includes fields which sometimes vary from query to query, at least with a Postgres backend. Therefore the pickled string is different which results in a different hash and a bad_hash result.
Converting the QuerySet to a simple list does not weaken any security regarding malicious changes on the preview form.

[felix-engelmann]

I experienced problems of different HMACs in a production environment with multiple worker threads and DB connections. The tests do not really reflect this. Any suggestions?

[codecov]

Codecov Report

Merging #96 (ec6850d) into master (3b16167) will increase coverage by 0.22%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##           master      #96      +/-   ##
==========================================
+ Coverage   93.64%   93.86%   +0.22%     
==========================================
  Files          10       10              
  Lines         519      538      +19     
  Branches       65       73       +8     
==========================================
+ Hits          486      505      +19     
  Misses         20       20              
  Partials       13       13              

Impacted Files	Coverage Δ
formtools/utils.py	100.00% <100.00%> (ø)

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 3b16167...ec6850d. Read the comment docs.