Switch default list of page 2 variables from 'all of them' to 'Nothing'.

[pjz]

In #165 we added __all__ as a way to specify what variables get 'exported' from page 2 to the template. The default behavior, if no __all__ exists, is to export everything. This is arguably a security footgun, and the default behavior should be changed to export nothing, thus making all exports explicit.

Note that changing it will break everything: all test that use simplates, all existing aspen sites. Everything. To save us some work, we need an 'unstrict' config flag or something that will preserve old behavior.

[chadwhitacre]

Idea on October 2014 call: how about constraining to locals() rather than whitelisting with __all__?

[chadwhitacre]

@Changaco What do you think of this for 1.0 (#357)?

[Changaco]

I think that the implicit passing of variables between pages is precisely the strength of simplates. AspenWeb/aspen.py#27 seems like a better solution to me than changing the default behaviour of simplates.

[chadwhitacre]

This goes away if we ditch simplates in AspenWeb/aspen.py#30. 😈