Add official support for Django 5.1

[browniebroke]

Description

Add Django 5.1 to the CI matrix following the supported Python versions and declare official support.

[browniebroke]

We don't test Django main against 3.8 or 3.9 so this is unused

[auvipy]

right

[browniebroke]

Should we try to fix the issue with the new LoginRequiredMiddleware as part of this PR? #9503

[auvipy]

Should we try to fix the issue with the new LoginRequiredMiddleware as part of this PR? #9503

I think we should include that in this PR

[browniebroke]

I initially went with a custom LoginRequiredMiddleware but then realised that authentication status of a request in DRF isn't easy to figure out at the middleware level. This is because it's a combination of authentication_classes + permission_classes settings, which may come from the view or the global settings.

Additionally, I struggled a bit to test that solution as I couldn't find out a way to configure test views with a non-default DEFAULT_PERMISSION_CLASSES, and I always ended up with AllowAny in my views. I was aiming for integration style of tests: configuring a view, with URLs and setting up the whole middleware chain. I left the commit if someone is interested...

I took a step back and realised that DRF already offered a way to achieve what LoginRequiredMiddleware does, via its settings. So I ended marking DRF views as opted-out from Django's middleware, and documenting how to achieve the same thing with API views.

What do people think of the approach?

[RobKuipers]

Very nice solution. I feel LoginRequiredMiddleware is intended for 'normal' Django views, not for API calls.
Thank you very much for making this change.

[browniebroke]

Added some more integration-like type of tests to make sure every type of views are covered: class based views, function based views, viewsets and viewsets actions.