Replace pickle with JSON

[Mogost]

In collaboration with @ivan-klass, this pull request addresses a critical issue in the django-constance where values were saved using Python's pickle serialization. Moreover redis and database backends do this quite differently. That approach posed significant security risks and made the stored data incompatible with other programming languages.

Changes Introduced

Implemented a custom JSON serializer and deserializer for django-constance.
The new serializer encodes objects in the format:

{"__type__": "discriminator", "__value__": "..."}

This change enhances security by eliminating the use of pickle and ensuring the data remains human-readable and backend-agnostic.
It also enables interoperability with other programming languages since the JSON format is widely supported.

Benefits

1. Security: The removal of pickle mitigates the associated security vulnerabilities.
2. Readability: The stored values are now in a JSON format, making them easily understandable regardless of the backend.
3. Interoperability: JSON is a universal format, enabling the data to be accessed and manipulated in other programming languages without the need for unpickling Python-specific objects.
4. Backend Unification: The new approach provides a unified way to store and retrieve values, regardless of the backend being used.

Risks

• Backward Compatibility: Existing data stored using pickle may not be compatible with the new JSON-based serialization. Our changes contain migration strategy, but not all cases might be covered. As a result, this change should bump a major version part.

Fix #101

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 86.09%. Comparing base (ef24fcb) to head (d32d3b0).
Report is 20 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master     #564      +/-   ##
==========================================
- Coverage   89.92%   86.09%   -3.84%     
==========================================
  Files          31       21      -10     
  Lines        1032      719     -313     
  Branches      104      124      +20     
==========================================
- Hits          928      619     -309     
+ Misses         69       66       -3     
+ Partials       35       34       -1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[camilonova]

@Mogost I love it. Please fix the coverage warnings to merge it.

[Mogost]

@Mogost I love it. Please fix the coverage warnings to merge it.

Done. All new lines are covered.

[phb-teleclinic]

@Mogost how should one go about upgrading to constance V4 without downtime? Doesn't the migration breaking running old versions immediately?

[Mogost]

@phb-teleclinic i think its not possible to migrate v2 -> v3 / v3 -> v4 without downtime.

[phb-teleclinic]

@Mogost @camilonova, would you approve a contribution to the 3.x branch to make a release that can both read JSON and Pickle values?

[Mogost]

json/pickle change is in v4. v3 contains table change. Both changes are backward incompatible.
If you strongly need migration without downtime, you can create a proxy object on your own side to maintain compatibility during the transition. However, I wouldn't want to see backward compatibility code in django-constance.