mirror of https://github.com/dani-garcia/vaultwarden.git synced 2025-05-22 03:23:55 +00:00

Disable groups by default and Some optimizations

- Put groups support behind a feature flag, and disabled by default.
  The reason is that it has some known issues, but we want to keep
  optimizing this feature. Putting it behind a feature flag could help
  some users, and the developers into optimizing this feature without too
  much trouble.

Further:

- Updates Rust to v1.66.0
- Updated GHA workflows
- Updated Alpine to 3.17
- Updated jquery to v3.6.2
- Moved jdenticon.js to load at the bottom, fixes an issue on chromium
- Added autocomplete attribute to admin login password field
- Added some extra CSP options (Tested this on Safari, Firefox, Chrome, Bitwarden Desktop)
- Moved uppercase conversion from runtime to compile-time using `paste`
  for building the environment variables, lowers heap allocations.
BlackDex 2022-12-15 17:15:48 +01:00
parent d0b53a6a3d
commit 8b6dfe48b7
No known key found for this signature in database
GPG key ID: 58C80A2AA6C765E1
35 changed files with 229 additions and 94 deletions

@ -63,6 +63,8 @@ impl Fairing for AppHeaders {
// app.simplelogin.io, app.anonaddy.com, api.fastmail.com, quack.duckduckgo.com
let csp = format!(
"default-src 'self'; \
base-uri 'self'; \
form-action 'self'; \
object-src 'self' blob:; \
script-src 'self'{script_src}; \
style-src 'self' 'unsafe-inline'; \
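Review bot: base-uri 'self' and form-action 'self', added right after default-src, carry no comment saying why they are listed separately. Neither directive falls back to default-src, so a short comment above the format! call stating that would keep a later cleanup from dropping them as redundant. form-action 'self' also blocks any form that posts to another origin, so it is worth confirming that every form the app serves, the admin login included, submits same-origin.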
@ -74,12 +76,12 @@ impl Fairing for AppHeaders {
moz-extension://* \
{allowed_iframe_ancestors}; \
img-src 'self' data: \
https://haveibeenpwned.com/ \
https://haveibeenpwned.com \
https://www.gravatar.com \
{icon_service_csp}; \
connect-src 'self' \
https://api.pwnedpasswords.com/range/ \
https://2fa.directory/api/ \
https://api.pwnedpasswords.com \
https://2fa.directory \
https://app.simplelogin.io/api/ \
https://app.anonaddy.com/api/ \
https://api.fastmail.com/ \
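Review bot: in img-src and connect-src the sources https://haveibeenpwned.com/, https://api.pwnedpasswords.com/range/ and https://2fa.directory/api/ become bare origins, which widens connect-src from one path prefix to every path on api.pwnedpasswords.com and 2fa.directory. If the paths were dropped for browser compatibility, say so in a comment next to the list; otherwise keep the path-scoped forms. The neighbouring entries https://app.simplelogin.io/api/, https://app.anonaddy.com/api/ and https://api.fastmail.com/ still carry paths, so the list is now inconsistent either way.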