Also moves the segmented permissions regex to a named var.

Currently i18n'd strings that are defined at compile time only return
english text. This occurs with both system and user locale
strings. For system locale, the locale can be changed via setting, so
we can't rely on the JVM locale on startup to be correct as it may
have changed. For the user locale, it could be different for every
request.

This commit adds two new `tru` and `trs` macros that have the same
name as the `puppetlabs.i18n.core` macros (and thus will be extracted
similarly) but will return a defrecord with a `toString` method. This
delays the conversion of the english text to the translated text until
`str` is invoked. All of the code hasn't been flipped to use the new
i18n macros yet, but this gets it in place and tested for the rest of
the application to be migrated to.

Fixes #8245

This commit adds a flag to allow dates parsed from BigQuery to be
parsed in the JVM's timezone rather than UTC. By default all BigQuery
dates are in UTC but it's possible to modify the timezone via a
function invocation. This flag allows installs that have all of their
queries modifying the timezone in that way to match the actual and
expected timezones via setting the JVM's timezone.

This adds a new table for storing sync metrics and a quartz task for
cleaning up old entries in the table.

For now this only stores sync metrics and metadata for the task
history cleanup task. Going forward our other background tasks would
store information as well to help with debugging/troubleshooting those
tasks.

Fixes #7611

When connecting to a Google service, we identify ourselves with a
string that includes version, hash and branch information. If a user
downloads a Metabase tarball from Github, it won't have that Git
metadata and we will throw a NullPointerException on startup.

This commit just ensures we always have a value for that string, even
when there is no git metadata available.

Fixes #8368

Our existing remappings code didn't work when an MBQL fields clause is
present. Typically that fields clause is populated by the
`add-implicit` middleware, but that doesn't happens with the user
included fields.

Fixes #8270

When POSTing to the `/dataset` endoint, there was code that if the
database was our fake database id (used for nested queries) but that
same check wasn't present for the dataset exports. This commit adds
that check and a test that validates it.

Fixes #8256

The issue was around our usage of `du/format-date` with a built-in
date format (`:date-hour-minute-second-ms`). Those Joda Time date
formatters don't default to the system timezone, which the code
assumed. Instead it defaults to UTC. We have code in the MySQL driver
that works around a MySQL driver bug by converting the date to a
string and then using the MySQL `convert_tz()` function. That code was
converting the date from the system timezone to the report timezone,
rather than UTC, which is what the Joda Time date formatter was
returning.

Fixes #8262

Previously an NullPointerException would be thrown if the Pulse was a
bar graph and the resultset contained a nil value for the x or y
axis. This commit just omits those rows so that it doesn't fail and
renders the data it does have.

Fixes #8260

Ensure that the new nested query FK tests don't run on drivers that
don't support both nested queries and FKs. Also needed to fixup
integer data types for Oracle and a nested order by issue for SQLServer

Mostly this change involves resolving the nested query, then using
that resolved nested query along with the top level breakout clause to
figure out if we need to add more fields to be projected from that
inner query.

The code previously was resolving that nested query but wasn't
resolving the breakouts after and reconciling that fields list. This
also adds some tests for these nested FK scenarios.

The other endpoints in the pulse API have switch over to
accepting/returning HybridCards but `/pulse/test` was still expecting
a `CardRef`. This caused issues when the UI which was using the
results of the GET request in the body of the `/pulse/test` POST.

Fixes #8228

The collection_id is needed to check the permissions of the card,
added it an a test that will catch this kind of problem in the future.

Fixes #8210

When `MB_ENCRYPTION_SECRET_KEY` is set, we assume that all settings
have been encrypted. If a setting has not been encrypted, decryption
fails, but the original setting is returned. This causes Metabase to
behave correctly but have very noisy logging as when the decrypt fails
an error is logged.

This commit changes the `maybe-decrypt` behavior to more closely
examine the ciphertext to ensure it is something that can be
decrypted. If it looks like something that can be decrypted, but
decription fails (i.e. what if an unencrypted string is multiple of
the cipher block size) then log a warning as it's probably not an
issue, but could be.

Fixes #8151