Convert uses of $_SESSION to symfony session retrieved from the request

Problem/Motivation

Now that Symfony sessions are in place and available from $request->getSession(), core should be updated that it uses that instead of accessing $_SESSION directly. Benefits for doing that is a) code depending on the session will get easier to test b)Session::get()/Session::set() takes care of starting the session automatically. That way we can eliminate direct access to the session_manager in most places.

Proposed resolution

Remaining tasks

Subscribers, and forms:

• Drupal/Core/EventSubscriber/ReplicaDatabaseIgnoreSubscriber.php
  The session is available from the request through the event ($event->getRequest()->getSession())
• Drupal/Core/FileTransfer/Form/FileTransferAuthorizeForm.php
  The session and the request can be retrieved from the form ($this->getRequest()->getSession())
• Drupal/Core/Form/FormBuilder.php
  Use $this->requestStack->getRequest->getSession()
• core/modules/dblog/src/Controller/DbLogController.php
  Not sure. Maybe the request could be passed into DbLogController::overview() and then passed into buildFilterQuery()
• core/modules/dblog/src/Form/DblogClearLogConfirmForm.php
  use $this->getRequest()
• core/modules/dblog/src/Form/DblogFilterForm.php
  Ditto.
• core/modules/language/src/Plugin/LanguageNegotiation/LanguageNegotiationSession.php
$request passed in via method parameter.
• core/modules/locale/src/Form/TranslateFilterForm.php
  Same as previous forms.
• core/modules/locale/src/Form/TranslateFormBase.php
  Same as previous forms.
• core/modules/system/src/Controller/DbUpdateController.php
$request passed in via method parameter.
• core/modules/update/src/Form/UpdateReady.php
  Same as previous forms.
• core/modules/user/src/AccountForm.php
  Same as previous forms.
• core/modules/user/src/Form/UserPasswordResetForm.php
  Same as previous forms.
• core/modules/views/src/Plugin/views/exposed_form/ExposedFormPluginBase.php
  Not sure how to solva that
• core/modules/views/src/Plugin/views/filter/FilterPluginBase.php
  Ditto.
• core/modules/views/src/ViewExecutable.php
  Ditto.

Procedural code (maybe trickier):

• core/authorize.php
$request available in the script. Session should be available through $request->getSession()
• core/includes/batch.inc
  Session should be available through \Drupal::request()->getSession(). This might not be the case during early install pages.
• core/includes/bootstrap.inc
drupal_set_message(), drupal_get_message() is covered by #2278383: Create an injectible service for drupal_set_message()
• core/includes/database.inc
  Session should be available through \Drupal::request()->getSession().
• core/includes/form.inc
  Ditto.
• core/modules/system/system.module
  Ditto.
• core/modules/update/update.authorize.inc
  Ditto.
• core/modules/update/update.manager.inc
  Ditto.

User interface changes

API changes