With this patch, requests issued while the client is in the
'CONNECTING' state get queued instead of raising a misleading
'SessionExpiredError'.

This fixes https://github.com/python-zk/kazoo/issues/374, and brings
Kazoo more in line with the Java and C clients.

See the 'kazoo.client.KazooClient.state' documentation as well as
these discussions for more details:

https://github.com/python-zk/kazoo/pull/570#issuecomment-554798550
https://github.com/python-zk/kazoo/pull/583#issuecomment-586422386

Satisfy new Hound style/lint checks
Upgrade to latest 3.5.6/3.4.14 Zookeeper releases.

Since krb5 1.3 due to switch to Xenial.

fix(tests): prefix with toxinidir variable with a / to ensure path to ensure-zookeeper-env.sh is correct

 * Install debian packages for KDC as part of Travis init.
 * Setup a loopback mini KDC for running tests.
 * Run SASL tests as part of Travis builds.
 * Improve harness cluster to support:
    * Reconfiguration when environment changes.
    * Different JAAS configurations (DIGEST/GSSAPI).
 * Moved SASL tests into own module, with specially configured harness.
 * Bumped default timeout to 15 sec to mitigate false negatives on
   Travis.

feat(core): Add create2 support

New retry logic takes a maximum percentage off the canonical backoff,
ensure gradual predictable retries timings while still having a
controlable amount of jitter (re-introducing the `max_jitter` parameter)
to avoids swarming client retries.

Fix regression introduced in 60366d2c
where retry/backoff logic produced only whole second (integer) retry
delays.

This produced inadequate retries on first retry and would generally not
work on fast network where sub miliseconds retries are desired.
Additionally, with high `max_delay` setting, as the range was always
spanning from 0 until the last delay, it would also produce extremely
random results with short delays following longer ones which is contrary
to the expected backoff logic.

When connection attempts fail repeatedly (e.g. all ZK servers are
unavailable), eventually the socketpair in the ConnectionHandler fills
up, and the Client gets stuck trying to write a single byte to the
socketpair.

Avoid this by ensuring we close the socketpair on a failed connection
attempt.

* Switching to xenial distrib to make python 3.7 available

* Testing against 3.5.5 instead of 3.5.4-beta and deploying new version for python 3.7 and zk 3.5.5

* Testing against zk 3.4.14 instead of 3.4.13

* Change pattern for slf4j-log4j lib

* Since ZOOKEEPER-3156 it is now required to be authed to access ACLs

* Drop support for ZK 3.3.x and Python 3.{4,5}

In order to be better in sync with the official documentation (https://zookeeper.apache.org/doc/r3.5.5/zookeeperProgrammers.html#ch_zkSessions) it is better to rename those variables to `close` instead of `lost`.

Avoid
```
  File "/home/tests/kazoo/recipe/lock.py", line 341, in contenders
    contenders.append(data.decode('utf-8'))
AttributeError: 'NoneType' object has no attribute 'decode'
```

Add parameters to setup SSL context options and ciphers when playing with secure connection.
It can be set via a handler:
```
class MySequentialThreadingHandler(SequentialThreadingHandler):
    def create_connection(self, *args, **kwargs):
        return create_tcp_connection(socket, options=MY_OPTIONS, ciphers=MY_CIPHERS,
                                     *args, **kwargs)
```

* feat(recipe): add support for curator SharedCount recipe

This feature allows Java clients using curator's SharedCount recipe
and python clients using kazoo's Counter recipe to read and
write from the same path without receiving type errors.

example use:

counter = zk.Counter("/curator", support_curator=True)
counter += 2
counter -= 1
counter.value == 1
counter.pre_value == 2
counter.post_value == 1

Closes #558

Move SASL configuration out of auth_data into its own dictionary which exposes more SASL features (e.g. server service name, client principal...). Legacy syntax is still supported for backward compatibilty.
Remove SASL from auth_data and place it between 'connection' and 'zookeeper protocol level authentication' to simplify connection logic and bring code in line with the protocol stack (SASL wraps Zookeeper, not the other way around).
Consistent exception, `AuthFailedError`, raised during authentication failure between SASL and ZK authentication.
New 'SASLException' exception raised in case of SASL intrisinc failures.
Add support for GSSAPI (Kerberos).

Example connection using Digest-MD5:

  client = KazooClient(
      sasl_options={'mechanism': 'DIGEST-MD5',
                    'username': 'myusername',
                    'password': 'mypassword'}
  )

Example connection using GSSAPI (with some optional settings):

  client = KazooClient(
      sasl_options={'mechanism': 'GSSAPI',
                    'service': 'myzk',                  # optional
                    'principal': 'clt@EXAMPLE.COM'}     # optional
  )

fix(handlers): make AsyncResult call all registered callbacks instantly if the handler has stopped running (#549)

This avoids zombie thread to appear when creating and closing the client right after. A new unit case is added.

Accept kazoo<=2.5.0 KazooRetry 'max_jitter' argument and display a
warning for backward compatibility.

This ensures that the watcher is removed from the client listener when the func given to ChildrenWatch returns False.
Previously, the watcher was never removed so the ChildrenWatch object would endlessly grow in memory. A unit test is added to ensure this case never happen again.

Fix #542 

In the case of a zookeeper server under pressure, it will typically try to maintain the quorum rather than handling client requests. In this kind of case, the quorum is maintained, the connection works, but the client is frozen there.

Retrying after a shorter timeout means we can reconnect to another server before losing the session altogether.

fix(recipe): Fix memory leak of TreeCache recipe.

Fix memory leak on idle handler and on closed TreeCache.
Add new memory tests for TreeCache recipe that uses
objgraph and other tests for various handler on TreeCache.
Let TreeCache start in a safe way. The doc now suggest to
close unused TreeCache.

chore: 2.6.0 release and changelog

Previously, a gap between calls to `time.time()` could lead to a
situation where the current time was less than `end` during the
`while` condition, but it was greater than `end` when assigning
a value to `timeout_at`.

Add tests to ensure a socket.error is raised instead of passing a
nonpositive value as a timeout to socket.create_connection.

Add "Reviewed by Hound" badge

* docs: make badges link to travis and pypi

Pypi quit offering download stats, so remove this broken badge.

Version of Zookeeper is upgraded from 3.5.2-alpha to 3.5.4-beta for automated tests.
Reconfig now needs superuser authentification, a test is added to cover this feature.
Additionnal configuration and jvm parameters can be added when initializing
ManagedZookeeper. This is needed to ensure reconfig's tests to pass and can be used
in the future for similar needs.

Closes #477

Fixes the bug introduced by PR #512 where it is not possible to
connect in RO mode using authentication. Since the SASL
authentification feature, the _session_fallback method should
be called only after the SASL authentification is done. A new
method is added to the ConnectionHandler class in order to
correctly use KeeperState.CONNECTED or KeeperState.CONNECTED_RO.