Show full name if DEFAULT_SHOW_FULL_NAME setting enabled

[42wim]

Fixes #3697 and #3509

Adds a new key DEFAULT_SHOW_FULL_NAME (default false) to the [ui] section.
If enabled the full name will be shown (unless it's empty, then
the default username will be used)

[codecov-io]

Codecov Report

❗ No coverage uploaded for pull request base (master@a84f10a). Click here to learn what that means.
The diff coverage is 40%.

@@            Coverage Diff            @@
##             master    #6710   +/-   ##
=========================================
  Coverage          ?   41.32%           
=========================================
  Files             ?      432           
  Lines             ?    59552           
  Branches          ?        0           
=========================================
  Hits              ?    24611           
  Misses            ?    31703           
  Partials          ?     3238

Impacted Files	Coverage Δ
modules/templates/helper.go	48.43% <0%> (ø)
modules/setting/setting.go	47.57% <100%> (ø)
models/action.go	58.77% <40%> (ø)
models/user.go	51.05% <50%> (ø)

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update a84f10a...6f825fd. Read the comment docs.

[silverwind]

Please also add the new option to app.ini.sample and possibly the config cheat sheets.

[techknowlogick]

Blocking per @silverwind's comment re: docs.

[42wim]

done

[silverwind]

Thanks. One more thing I missed is the korean chinese cheat sheet. I guess it's not strictly required but if a korean speaker can contribute the description for the option, we could add it there as well.

[techknowlogick]

@silverwind zh-cn is simplified Chinese, but like you said translations for this can wait for a different PR.

docs have been added.

[lafriks]

I would prefer if it would be named as DEFAULT_SHOW_FULL_NAME so that later it could be added as per-user preference

[42wim]

• changed setting to DEFAULT_SHOW_FULL_NAME
• adds GetDisplayName function in models/user.go and use it in templates

[mrsdizzie]

This is replacing something relatively limited like usernames -- which can only be letters, numbers, _, and . -- with user controlled input that currently has no real limitations other than length.

Unfortunately, I don't think Gitea can safely handle this type of change as-is without some more in depth testing. I checked out this PR and was able to find a security issue within a few minutes:

Create an issue with a user.

Change the users full name to <script>alert(document.domain)</script>

Then visit http://example.com/user/repo/issues

It will execute the code above. This is true for any of the opened x days ago by x text generated under issues in various views. Sticking that type of user generated text into the HTML code of many pages should probably be viewed as a big change and potential security issue that requires more extensive testing, auditing, and thought. Not really the fault of the PR or this feature, but the reality of the current code having a history of input escaping/security issues due to its origin.

At minimum there should need to be some type of sanitizing of the full name and double checking of every location that would use it to make sure it isn't easy to break out of the expected HTML as seen above.

[42wim]

• created GetDisplayName() and GetDisplayNameTitle() in action.go to fix @lafriks suggestion
• @mrsdizzie issue should be fixed by the Escape sanitize