Backport unpermitted params

[cbeer]

Backport of #2717.

To maintain backwards compatibility, defaults blacklight_config.filter_search_state_fields to false, which means we only warn about the parameters instead of filtering them out. This gives plugins and downstream apps a chance to add either permitted_params for a custom FilterField, or add configuration to search_state_fields.

[barmintor]

• run blacklight_range_limit/master CI against branch
• run blacklight_range_limit/v8.1.0 CI against branch
• run geoblacklight/main CI against branch
• run blacklight_oai_provider against branch
• run spotlight/master against branch

[barmintor]

geoblacklight/master outputs a lot of:

DEPRECATION WARNING: Blacklight 8 will filter out non-search parameter, including: bbox. (called from permit_search_params at /Users/ba2213/.rvm/gems/ruby-3.0.0/bundler/gems/blacklight-9644976c01ad/lib/blacklight/parameters.rb:77)
/Users/ba2213/.rvm/gems/ruby-3.0.0/bundler/gems/blacklight-9644976c01ad/app/views/catalog/_search_form.html.erb is a deprecated partial.

as intended.

[barmintor]

blacklight_oai_provider outputs a lot of:

DEPRECATION WARNING: Blacklight 8 will filter out non-search parameter, including: from, metadataPrefix, until, and verb. (called from permit_search_params at /Users/ba2213/.rvm/gems/ruby-2.7.5/bundler/gems/blacklight-9644976c01ad/lib/blacklight/parameters.rb:77) (4 times); e.g.: 

as intended.

[barmintor]

blacklight_range_limit/master has been updated to register the params; the last released version (v8.1.0) passes CI against the branch with:

DEPRECATION WARNING: Blacklight 8 will filter out non-search parameter, including: commit and range. (called from permit_search_params at /Users/ba2213/Github/projectblacklight/blacklight/lib/blacklight/parameters.rb:77) (1 times); e.g.:

[barmintor]

spotlight/master a bit harder to test because there are 2 or 3 (depending on ruby 3 or 2.7) expected unrelated failures (see #2816). I am seeing a lot of:

DEPRECATION WARNING: Blacklight 8 will filter out non-search parameter, including: browse_category_id, exhibit_id, and id. (called from permit_search_params at /Users/ba2213/.rvm/gems/ruby-3.0.0/bundler/gems/blacklight-9644976c01ad/lib/blacklight/parameters.rb:77) (2 times); e.g.: 

[barmintor]

By way of review I've also drafted a PR to blacklight_range_limit following this pattern: projectblacklight/blacklight_range_limit#186

Running locally with solr_wrapper pinned to 8.9.0 and using this branch of blacklight 7, it is passing.

[barmintor]

I also note that range limit and spotlight are both getting deprecation warnings for id... should we just add that to Blacklight::Configuration::BASIC_SEARCH_PARAMETERS?

[barmintor]

I've tested against the last release tags of the plugins I know about, and things are working as expected. I can see it's a bit of a drag to get the merge working on permitted params, but I think the approach here is strictly an improvement.