This addresses a vulnerability where there was no `X-Frame-Options` header
which could potentially allow click jacking. This adds the
`X-Frame-Options: SAMEORIGIN` header so it will remove any chance of click
jacking. According to Mozilla Developer Docs:
```
SAMEORIGIN
The page can only be displayed in a frame on the same origin as the page
itself.
```

Update three phrases with from "Internal error" to "Internal error occurred" since it's the most common phrase

Missing ":" and h2 / h3 was mixed at "Prerequisites", I guess it shall be h3 here

This pass also makes a stride at adding correct punctuation and making error
phrases consistent.

This is my attempt at removing similar texts from the translator work load.
It also makes an attempt at dropping some misspelled words and works toward
standardizing some phrases.

Previously, the create method was used to create a new instance of an orm
model (which would later result in an INSERT when persisted); however, some
classes require or utilize varying parameters to their create() method,
which PHP7 considers an error. Methods in subclasses must be defined with a
calling signature compatible with the parent class.

This patch shifts the concept of model creation to the constructor. Now, the
constructor of ORM models is required to be compatible with that of
ModelBase class. Now that most models do not define a constructor, this is
much easier to control, and much more logical.

Also, remove an issue where assignments on a relationship field to an
instance of a super class of the foreign model would raise an error. This
was previously addressed by re-classing the instance in the
ModelInstanceManager::getOrBuild(); however that design would create
multiple instances of the same object in memory, which defeats one of the
primary design concepts of the ORM. This patch addresses the issue by
allowing super-classes of the declared foreign model in relationship
assignments.

This commit attempts to remove all coding standard warnings emitted by PHP
7.0.

This patch (which needs further development), introduces an extra field to
the %attachment table to store a file's name, in the event that two files
with the same content are stored in the database with differing names. In
such a case, the name is stored in the %attachment table. This allows the
attachment to specify a different name each time the same file is attached
to something in the system.

Also make forms deleteble by marking them as deleted and hiding them from
the form listing. This ensures that custom data always has a link back to
the form.

This patch includes a slight database migration, and adjusts the
functionality of a few core components.

  * Move collaborators from the ticket to the thread.
    This concept allows collaborators on any object which has a thread,
    including tasks.

  * Add flags to the thread entry
    This will allow flagging thread entries for different purposes.
    Initially this can be used to flag the original message of a thread in
    case a ticket / thread is created without an initial message.

  * Lock becomes more of a utility
    The lock is now disconnected from the ticket and is a separate utility.
    Separately, the ticket and task objects can have a reference to a lock
    object. Furthermore, when submitting some activities to tickets, the
    lock is verified to be owned by the respective agent, and the lock code
    must match a current lock code. The code is rotated on each acquire()
    call to guard against double submissions.

  * Collaborator is an ORM model
    The TicketUser class is broken up now so that the collaborator instance
    can exist apart from a ticket. Email message ids are now generated for
    collaborators without respect for a ticket so that collaborators can be
    properly supported on any thread.

This patch rebases filters into a row-based layout and redesigns the filter
apply method to be more extensible. It also redesigns the UI to be more
dynamic and to allow for actions to be added without database modification
and actions can also have complex configurations.

Help topics can now specify one or more additional forms to be included on
the help topic and can also specify the sort order of those forms.
Furthermore, individual fields can be disabled per help topic, so that
unnecessary fields can be omitted when necessary, per help topic.

The disabled flag is recorded along side the field data so that the field
will not be accidentally added to the form later automatically. There is no
interface in this commit to enable a field which was disabled by the help
topic when ticket was created.

Add role to initial admin's profile
Add default timezone

Support duplicate names in different hierarchy
Save path on add/update
Show full department name on transfer