249 - Fix invalid access token error

[Janell-Huyck]

Fixes #249

This PR creates another controller "concern", ExceptionHandlingManager, to take care of the InvalidAuthenticityToken error and to collect other custom error handling created in the future.

It is called inside the application_controller and does the following:

• logs a warn-level message
• resets the session (logs out old users)
• redirects the user to the root_page or manage_page as appropriate, with a flash warning message

Tests:

• Unit tests: spec/controllers/concerns/exception_handling_manager_spec.rb

• Feature tests: I created a series of tests to address how the application should or should not be able to be accessed in combinations of the following issues:

  • The app is out of date
  • The user has an invalid authenticity token
  • The user isn't logged in

  This series of tests is why I marked this PR as "large". They are in the folder: spec/features/application_access/

Additional changes

• Resets the session upon successfully logging in as an admin (to prevent session fixation attacks). This incidentally fixes the bug that allowed a user to log in as both an admin and a submitter at the same time.
• Skips user validation for "closed" and "finished" pages to avoid an infinite looping bug encountered while testing
• Clarifies a few lines in submitters_controller_spec

[crowesn]

Not directly related to this PR, but wondering if this function might find a better home in /spec/support.

[crowesn]

This is a dense PR, good work, merging.