This adds a simple recovery path in case an SSL connection receives
an SSL_WANT_READ or WRITE error.  Either error can occur while
reading or writing.  The error indicates that the underlying
operation should be retried after the socket is once again readable
or writable (per the error code).

Closes #618

Co-authored-by: James E. Blair <jeblair@redhat.com>

Feat/build coverage

chore(core): Update matrix: add pypy3, drop py27

Update .travis.yml definition per warnings.
Tests are now only run on py37, py38 and pypy3.
Bumped Zookeeper to 3.5.8.

This is a faster and more idiomatic way of using itertools.chain.
Instead of computing all the items in the iterable and storing them
in memory, they are computed one-by-one and never stored as a huge
list. This can save on both runtime and memory space.

Test Kazoo with CPython 2.7, CPython 3.7 and CPython 3.8. Deploy new Kazoo version only on CPython 3.8 job success.

As of Python 3.8, "is" with a literal is a syntax warning because of the
confusion between equality and instance identity it represents.

Issue #607

Let's make our life a little easier using those templates.

See https://help.github.com/en/github/building-a-strong-community/about-issue-and-pull-request-templates for reference.

feat(core): interoperate with Go client

Per https://github.com/houndci/hound/issues/1769

Allows configurable multi-implementations cooperations in locks (e.g.
Zookeeper python & go clients contending for the same lock).

fix(core): sync() return should be unchrooted

Resolves #601

feat(test): Move to pytest

With this patch, requests issued while the client is in the
'CONNECTING' state get queued instead of raising a misleading
'SessionExpiredError'.

This fixes https://github.com/python-zk/kazoo/issues/374, and brings
Kazoo more in line with the Java and C clients.

See the 'kazoo.client.KazooClient.state' documentation as well as
these discussions for more details:

https://github.com/python-zk/kazoo/pull/570#issuecomment-554798550
https://github.com/python-zk/kazoo/pull/583#issuecomment-586422386

Satisfy new Hound style/lint checks
Upgrade to latest 3.5.6/3.4.14 Zookeeper releases.

Since krb5 1.3 due to switch to Xenial.

fix(tests): prefix with toxinidir variable with a / to ensure path to ensure-zookeeper-env.sh is correct

 * Install debian packages for KDC as part of Travis init.
 * Setup a loopback mini KDC for running tests.
 * Run SASL tests as part of Travis builds.
 * Improve harness cluster to support:
    * Reconfiguration when environment changes.
    * Different JAAS configurations (DIGEST/GSSAPI).
 * Moved SASL tests into own module, with specially configured harness.
 * Bumped default timeout to 15 sec to mitigate false negatives on
   Travis.

feat(core): Add create2 support

New retry logic takes a maximum percentage off the canonical backoff,
ensure gradual predictable retries timings while still having a
controlable amount of jitter (re-introducing the `max_jitter` parameter)
to avoids swarming client retries.

Fix regression introduced in 60366d2c
where retry/backoff logic produced only whole second (integer) retry
delays.

This produced inadequate retries on first retry and would generally not
work on fast network where sub miliseconds retries are desired.
Additionally, with high `max_delay` setting, as the range was always
spanning from 0 until the last delay, it would also produce extremely
random results with short delays following longer ones which is contrary
to the expected backoff logic.

When connection attempts fail repeatedly (e.g. all ZK servers are
unavailable), eventually the socketpair in the ConnectionHandler fills
up, and the Client gets stuck trying to write a single byte to the
socketpair.

Avoid this by ensuring we close the socketpair on a failed connection
attempt.

* Switching to xenial distrib to make python 3.7 available

* Testing against 3.5.5 instead of 3.5.4-beta and deploying new version for python 3.7 and zk 3.5.5

* Testing against zk 3.4.14 instead of 3.4.13

* Change pattern for slf4j-log4j lib

* Since ZOOKEEPER-3156 it is now required to be authed to access ACLs

* Drop support for ZK 3.3.x and Python 3.{4,5}

In order to be better in sync with the official documentation (https://zookeeper.apache.org/doc/r3.5.5/zookeeperProgrammers.html#ch_zkSessions) it is better to rename those variables to `close` instead of `lost`.

Avoid
```
  File "/home/tests/kazoo/recipe/lock.py", line 341, in contenders
    contenders.append(data.decode('utf-8'))
AttributeError: 'NoneType' object has no attribute 'decode'
```

Add parameters to setup SSL context options and ciphers when playing with secure connection.
It can be set via a handler:
```
class MySequentialThreadingHandler(SequentialThreadingHandler):
    def create_connection(self, *args, **kwargs):
        return create_tcp_connection(socket, options=MY_OPTIONS, ciphers=MY_CIPHERS,
                                     *args, **kwargs)
```

* feat(recipe): add support for curator SharedCount recipe

This feature allows Java clients using curator's SharedCount recipe
and python clients using kazoo's Counter recipe to read and
write from the same path without receiving type errors.

example use:

counter = zk.Counter("/curator", support_curator=True)
counter += 2
counter -= 1
counter.value == 1
counter.pre_value == 2
counter.post_value == 1

Closes #558

Move SASL configuration out of auth_data into its own dictionary which exposes more SASL features (e.g. server service name, client principal...). Legacy syntax is still supported for backward compatibilty.
Remove SASL from auth_data and place it between 'connection' and 'zookeeper protocol level authentication' to simplify connection logic and bring code in line with the protocol stack (SASL wraps Zookeeper, not the other way around).
Consistent exception, `AuthFailedError`, raised during authentication failure between SASL and ZK authentication.
New 'SASLException' exception raised in case of SASL intrisinc failures.
Add support for GSSAPI (Kerberos).

Example connection using Digest-MD5:

  client = KazooClient(
      sasl_options={'mechanism': 'DIGEST-MD5',
                    'username': 'myusername',
                    'password': 'mypassword'}
  )

Example connection using GSSAPI (with some optional settings):

  client = KazooClient(
      sasl_options={'mechanism': 'GSSAPI',
                    'service': 'myzk',                  # optional
                    'principal': 'clt@EXAMPLE.COM'}     # optional
  )