Removing .format() from format_html

Fixing XSS scripting bug with the "next" variable when searching for a user to
impersonate.

Special thanks to Santos Gallegos @ Read The Docs for the security/bug report.

Updating docs for new version

Fixes bug where impersonating user isn't properly logged when MAX_DURATION
timeout occurs.

Thanks to Matt Klein for the bug report.

Add Django 5.0 compatibility (reverse function)

I have added a `compat` module to handle the migration of the `reverse`
function from django.core.urlresolvers to django.urls.

I have updated the tests to handle the change in 4.2 to 5.0 where request
params passed to a SimpleListFilter are passed as list of values, not just
one.

I have updated the build matrix to include Django5.0 and the main branch, as
well as Python 3.12.

Removed usages of django.utils.timezone.utc for Django 5.0 support.

Added tag 1.9.1 for changeset 9de0949947b4

Removed tag 1.9.0

Minor version bump because I screwed the 1.9.0 commits.

Added tag 1.9.0 for changeset d4df78cede73

Version update in README files

Changes for 1.9.0 release

Added CUSTOM_READ_ONLY setting to customise when to restrict to read only access - Refs #70

Allow OPTIONS requests when READ_ONLY is True - Refs #69

Prevent redirect loop when MAX_DURATION is used - Refs #67

Updating changelog

README update

Updating classifiers per ~petersanchez/django-impersonate#64

Minor readme update

Added tag 1.8.1 for changeset 2eb8996b09d8