Implement OAuth2 provider (#927)

- [x] Application management
  - [x] Link
  - [ ] Tests
- [x] Authorize flow
  - [x] Tests
- [x] Refresh token handling
  - [x] Tests
- [x] Revocation endpoint
  - [x] Tests
  - [x] Mitigate: https://github.com/jazzband/django-oauth-toolkit/issues/585
- [x] API authenticator / permission driver
  - [x] Test
- [x] Enforce organizer restriction
  - [x] Tests
- [x] Enforce scope restriction
  - [x] Tests
- [x] Show current applications to user
  - [x] Revoke
  - [x] Tests
- [x] Log new authorizations
  - [x] notify user
- [x] Ensure other grant types are not available
- [x] Documentation
- [x] check if revoking the access token, then refreshing, gets rid of organizer constraint
- [x] Show logentry foo
Raphael Michel
2018-06-05 12:58:04 +02:00
committed by GitHub
parent df031b2222
commit 69d10489b8
53 changed files with 1786 additions and 116 deletions


@@ -347,6 +347,7 @@ class EventSettingsFormView(EventPermissionRequiredMixin, FormView):
for k in form.changed_data
}
)
self.form_success()
messages.success(self.request, _('Your changes have been saved.'))
return redirect(self.get_success_url())
else:
@@ -824,7 +825,9 @@ class EventLog(EventPermissionRequiredMixin, ListView):
paginate_by = 20
def get_queryset(self):
qs = self.request.event.logentry_set.all().select_related('user', 'content_type').order_by('-datetime')
qs = self.request.event.logentry_set.all().select_related(
'user', 'content_type', 'api_token', 'oauth_application'
).order_by('-datetime')
qs = qs.exclude(action_type__in=OVERVIEW_BLACKLIST)
if not self.request.user.has_event_permission(self.request.organizer, self.request.event, 'can_view_orders',
request=self.request):