… dont expose those controls for new apps by default (rails#51831)

… dont expose those controls for new apps by default (rails#51831)

… dont expose those controls for new apps by default (rails#51831)

* rails#51831
* rails#51342
* rails#52887

Probably more, these are the ones I noticed.

* rails#51831
* rails#51342

Probably more, these are the ones I noticed.

TODO:
- in this commit: config/environment/production.rb
- in a subsequent commit: remove the defaults file and update the
  defaults loaded in config/application.rb

I retained the deprecation warnings in dev and test, since it seems
sensible to be warned about deprecated code. Upstream PR that removed
this: rails/rails#51831

https://guides.rubyonrails.org/upgrading_ruby_on_rails.html#the-update-task

I retained the deprecation warnings in dev and test, since it seems
sensible to be warned about deprecated code. Upstream PR that removed
this: rails/rails#51831

`config.silence_healthcheck_path = "/up"` -> I don't think we use `/up`
for healthchecks, and I'm not sure that we'd want to silence them, so
I've commented out this new setting

A few settings that we never changed from their defaults were changed in
7.1.0, but not in our app. Our git history doesn't explain why they were
ignored, so I'm updating them now:
- logging settings
- public file server settings
- `config.force_ssl = true`

https://guides.rubyonrails.org/upgrading_ruby_on_rails.html#the-update-task

I retained the deprecation warnings in dev and test, since it seems
sensible to be warned about deprecated code. Upstream PR that removed
this: rails/rails#51831

In production, I commented out the new setting
`config.silence_healthcheck_path = "/up"`. I don't think we use `/up`
for healthchecks, and I'm not sure that we'd want to silence them

Also in production, a few settings that we never changed from their
defaults were changed in 7.1.0, but not in our app. Our git history
doesn't explain why they were ignored, so I'm updating them now:
- logging settings
- public file server settings
- `config.force_ssl = true`

https://guides.rubyonrails.org/upgrading_ruby_on_rails.html#the-update-task

I ignored most changes to config/application.rb and config/puma.rb, except
ignoring assets and tasks subdirectories when autoloading the lib
directory. This was ignored in [the 7.1 upgrade](0b02a4f), but it looks like all
other alphagov apps with this config include these default ignored
subdirectories

I retained the deprecation warnings in dev and test, since it seems
sensible to be warned about deprecated code. Upstream PR that removed
this: rails/rails#51831

In production, I decided to retain the evented file watcher. I added this to this app in 60715d0,
after the 7.2.0 upgrade, but I'm not clear why. It was removed from the default Rails config
in rails/rails@e34300a, released in 7.0.0. However, a comment on that PR noted that the evented
file watched does sometimes perform better than the implicit default: rails/rails#42985 (comment). I've run the
the benchmarks reported in that comment (loading the app's models) on my M2 Air and found a smaller difference but still consistently in favour of the evented file
watcher. In three tests, the non-evented file watcher took 1.88, 4.20,
and 2.42 milliseconds, whereas the evented one took 0.16, 0.02, and 0.02
milliseconds

Also in production, I commented out the new setting
`config.silence_healthcheck_path = "/up"`. We use '/healthcheck' rather
than `/up`, and I'm not sure that we'd want to silence logs from this

I skipped the attributes_for_inspect change, per the [Signon upgrade]()

A few settings that we never changed from their
defaults were changed in 7.1.0, but not in our app. Our git history
doesn't explain why they were ignored, so I'm updating them now:
- logging settings
- public file server settings
- `config.force_ssl = true`

I ignored most changes to config/application.rb and config/puma.rb,
except ignoring assets and tasks subdirectories when autoloading the lib
directory. This was ignored in [the 7.1
upgrade](0b02a4f),
but it looks like all other alphagov apps with this config include these
default ignored subdirectories

I retained the deprecation warnings in dev and test, since it seems
sensible to be warned about deprecated code. Upstream PR that removed
this: rails/rails#51831

In production, I decided to retain the evented file watcher. I added
this to this app in
60715d0,
after the 7.2.0 upgrade, but I'm not clear why. It was removed from the
default Rails config in
rails/rails@e34300a,
released in 7.0.0. However, a comment on that PR noted that the evented
file watched does sometimes perform better than the implicit default:
rails/rails#42985 (comment). I've
run the the benchmarks reported in that comment (loading the app's
models) on my M2 Air and found a smaller difference but still
consistently in favour of the evented file watcher. In three tests, the
non-evented file watcher took 1.88, 4.20, and 2.42 milliseconds, whereas
the evented one took 0.16, 0.02, and 0.02 milliseconds

Also in production, I commented out the new setting
`config.silence_healthcheck_path = "/up"`. We use '/healthcheck' rather
than `/up`, and I'm not sure that we'd want to silence logs from this

I skipped the attributes_for_inspect change, per the [Signon
upgrade](alphagov/signon@fb0b346)

A few settings that we never changed from their defaults were changed in
7.1.0, but not in our app. Our git history doesn't explain why they were
ignored, so I'm updating them now:
- logging settings
- public file server settings
- `config.force_ssl = true`

I ignored most changes to config/application.rb and config/puma.rb,
except ignoring assets and tasks subdirectories when autoloading the lib
directory. This was ignored in [the 7.1
upgrade](0b02a4f),
but it looks like all other alphagov apps with this config include these
default ignored subdirectories

I retained the deprecation warnings in dev and test, since it seems
sensible to be warned about deprecated code. Upstream PR that removed
this: rails/rails#51831

In production, I decided to retain the evented file watcher. I added
this to this app in
60715d0,
after the 7.2.0 upgrade, but I'm not clear why. It was removed from the
default Rails config in
rails/rails@e34300a,
released in 7.0.0. However, a comment on that PR noted that the evented
file watched does sometimes perform better than the implicit default:
rails/rails#42985 (comment). I've
run the the benchmarks reported in that comment (loading the app's
models) on my M2 Air and found a smaller difference but still
consistently in favour of the evented file watcher. In three tests, the
non-evented file watcher took 1.88, 4.20, and 2.42 milliseconds, whereas
the evented one took 0.16, 0.02, and 0.02 milliseconds

Also in production, I commented out the new setting
`config.silence_healthcheck_path = "/up"`. We use '/healthcheck' rather
than `/up`, and I'm not sure that we'd want to silence logs from this

I skipped the attributes_for_inspect change, per the [Signon
upgrade](alphagov/signon@fb0b346)

A few settings that we never changed from their defaults were changed in
7.1.0, but not in our app. Our git history doesn't explain why they were
ignored, so I'm updating them now:
- logging settings
- public file server settings
- `config.force_ssl = true`