gklyne/annalist: Deployment hardening; use gunicorn HTTP server; bug fixes

This is a maintenance release for more robust deployments, particularly for public web access: the Annalist app uses the production-grade gunicorn server (rather than Django's development server); static files can be served directly by a front-end Apache or Nginx HTTP server; deployment with HTTPS and LetsEncrypt certificates is more fully tested and documented; dynamic CSRF-protection secret generation. annalist-manager changes to support these deployment patterns. Also, numerous bug-fixes and small improvements