Nuke User.is_internal

Requires !1933 (merged), closes #1467 (closed)

• User.is_internal removed. All users with is_internal set are automatically promoted to Django admins to avoid breakage.
• Admins and Ponos tasks get the S3 PUT URL for folder thumbnails, instead of admins and internal users.
• Admins and Ponos tasks can create an element with a WorkerRun, instead of admins and internal users.
• Admins and Ponos tasks can create a classification with a WorkerRun, instead of only internal users (not admins!). The old behavior was inconsistent with elements, metadata and entities.
• Admins and Ponos tasks and admins can create a transcription with a WorkerRun, instead of only internal users (not admins!). The old behavior was inconsistent with elements, metadata and entities.
• Admins and Ponos tasks can create or update metadata that does not match any AllowedMetaData, instead of admins and internal users.
• New AllowedMetaData are created automatically when none is found for a new metadata created by an admin or a Ponos task, instead of an admin or an internal user.
• Only Ponos tasks (not admins!) can create a WorkerVersion, instead of only internal users.
• Images created by Ponos tasks via CreateIIIFInformation get an instant checked status, instead of internal users.
• The S3 GET URL for images is returned for both admins and Ponos tasks, instead of admins and internal users.
• Admins and Ponos tasks get the S3 GET URL of a DataFile, instead of admins and internal users. This implies they can get it with read access on the project, since they can't get the DataFile at all otherwise.
• Admins and Ponos tasks can update worker activities, instead of internal users and Ponos tasks.
• Ponos tasks can get the Git clone URL of a Repository, which includes the OAuth token, but only when it is the repository of the process of the current task.