Previously we've used one semaphore per all ongoing authentication attempts, which is suboptimal given the existence of a lot of consumers, including ongoing (D)DoS or distributed bruteforce attack. ASF should be as resistant to that as possible, therefore it makes sense to replace the global semaphore with per-IP semaphore (actually task), that can control the access just as well, without stopping other consumers from accessing the same authentication process concurrently.
It failed because it couldn't find immutable collections, ASF doesn't have it either, it doesn't look like it's needed to satisfy the compiler anymore (SK2 includes it through protobuf-net)
This actually does two things: client caching and server caching
Client caching considers only static files, for which we instruct the web browser to revalidate each cache usage with our server to ensure that it's up-to-date.
Server caching with those settings actually doesn't work (nothing to do), but may in the future as lack of no-store means that server is technically allowed to cache I/O read files for as long as it can guarantee they didn't change on the disk.
Closes#2316
The issue we're facing right now comes from the fact of desynchronization of packages between different projects. Since I didn't find any way to "fix" the package versions of our plugins to the main ASF project, we'll instead use centralized Directory.packages.props which specifies appropriate versions
