Update Jinja2 to 2.10.1, Ansible to 2.6.14 and SQLAlchemy to 1.3.0

[emkll]

Status

Ready for review

Description of Changes

Closes #4345, Closes #4350, towards #4343 :

dev-requirements.txt cannot be updated yet due to molecule pinning version of Jinja2: https://github.com/ansible/molecule/blob/master/setup.cfg#L80
An upstream issue has been opened to track

Testing

Minor version bumps and automated testing should have sufficient coverage

• Jinja2 was updated to 2.10.1 everywhere except in develop-requirements.txt: that will require updating the molecule dependency.
• Ansible was updated to 2.6.14 everywhere.
• SQLAlchemy was updated to 1.3.0 everywhere

Deployment

• App dependencies will be brought in via securedrop-app-code package
• Admin dependencies via the GUI updater/securedrop-admin setup
• Dev dependencies should be installed via pip by developers

Checklist

If you made non-trivial code changes:

• I have written a test plan and validated it for this PR

[codecov-io]

Codecov Report

Merging #4346 into develop will decrease coverage by 0.07%.
The diff coverage is n/a.

@@             Coverage Diff             @@
##           develop    #4346      +/-   ##
===========================================
- Coverage    84.84%   84.76%   -0.08%     
===========================================
  Files           44       44              
  Lines         2797     2797              
  Branches       305      305              
===========================================
- Hits          2373     2371       -2     
- Misses         357      358       +1     
- Partials        67       68       +1

Impacted Files	Coverage Δ
securedrop/securedrop/crypto_util.py	94.73% <0%> (-1.76%)	⬇️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update f0f2240...2d2c61f. Read the comment docs.

[emkll]

Used pkgdiff and GitHub to review the diffs:

Jinja2-2.10 -> 2.10.1

1. Compared source tarballs:
   Jinja2-2.10.tar.gz : f84be1bb0040caca4cea721fcbbbbd61f9be9464ca236387158b0feea01914a4 Jinja2-2.10.1.tar.gz : 065c4f02ebe7f7cf559e49ee5a95fb800a9e4528727aec6f24402a5374c65013

2. GitHub review of Jinja2 (2.10->2.10.1) LGTM, corresponds to tarball changes and address the CVE and nothing else:
   pallets/jinja@2.10...2.10.1

Ansible 2.6.8 -> 2.6.14

1. Compared source tarballs:
   ansible-2.6.14.tar.gz: 412f130f4c5d1953ccd95f01b5a4675cbff4ba225762bafb74a2f3bb6c807827
   ansible-2.6.8.tar.gz: 012649806427e630ef8e8b71d42483af882bc39ade3b19e1f369b14c0afd5b87

2. Github review LGTM, corresponds to tarball changes, a large amount of testing code was added
   https://github.com/ansible/ansible/compare/af5ef7c802d569726e38f4b4b46063b7242a0024..446012263a60acf28f484a2e5a6fa327315ae8e3

SQLAlchemy 1.2.0 -> 1.3.3

1. Compared source tarballs:
   SQLAlchemy-1.2.0.tar.gz: 7dda3e0b1b12215e3bb05368d1abbf7d747112a43738e0a4e6deb466b83fd88e
   SQLAlchemy-1.3.3.tar.gz: 91c54ca8345008fceaec987e10924bf07dcab36c442925357e5a467b36a38319

2. Github review LGTM and corresponds to tarball changes:
   https://github.com/sqlalchemy/sqlalchemy/compare/rel_1_2_0..rel_1_3_3

[redshiftzero]

I rebased this on latest develop to re-run CI given the large python 3 merge that occurred since this PR was started, there looks to be one legitimate test failure (see the app-tests and python3-app-tests CI jobs) due to the sqlalchemy update

[redshiftzero]

provided CI passes, this is good to merge. thanks for diff/changelog review @emkll