This allows tests in environments that haven't loaded OIDC to continue
running.

See https://docs.pytest.org/en/latest/reference/fixtures.html#conftest-py-sharing-fixtures-across-multiple-files
for notes on shared fixtures.

Updated:

test_toggle_condition_url_patterns (Simplified, and now only checks the
reversed route, rather than the string)

New checks for user permissions:

* test_action_toggle_commitment_denies_user_without_permission
* test_action_toggle_condition_denies_user_without_permission
* test_action_select_reason_denies_user_without_permission

New checks for HTTP methods:

* test_action_toggle_commitment_rejects_non_put_method
* test_action_toggle_condition_rejects_non_put_method
* test_action_select_reason_rejects_non_put_method

New checks for expected results:

new: test_action_toggle_commitment_allows_authorized_put_and_updates_commitment
new: test_action_toggle_condition_allows_authorized_put_and_updates_status
new: test_action_select_reason_allows_authorized_put_and_sets_reason

I used Copilot to help create these tests.

This fixes an auth issue. It was possible to POST a
change to a project, without even being authenticated.
The only safeguard was the user interface, that didn't
offer make it possible.

This adds @permission_required("projects.change_project")
to the view, and some tests.

* added a fixture for a user with  permission to change a project
* added a test: do we reject changes from unauthenticated users?
* added a test: do we reject changes from unauthorised users?
* added a test: do we allow and save changes from users with the right permissions?

I used Copilot to uncover the issue and help create the tests.