Never suppress errors during manager start-up and disable device
When the manager fails in reaching all used webservers, it causes an unchecked and confusing exception in _inject_managed_keys(). While _check_servers() does track issues and report them, it only does so via _set_error (causing the device to transition to ERROR and a status change). The initialization continues however and tries to look up a missing key.
This PR changes onInitialization to check for failed initialization between each step and abort if needed. It also changes _check_servers() to call _set_fatal() rather than _set_error() if running during initialization. Finally it ensures that the default scene is able to open in this state with a missing correction device schema.
EDIT: After discussions with @degon I changed the state machine to use State.UNKNOWN for unrecoverable errors instead of State.DISABLED. As this state was previously used to indicate a changed device server config, I chose to make those INITONLY. Somehow it doesn't seem particularly useful to change them during the runtime of the manager, as it could potentially even lead to incompatible correction device schemas.
I remember seeing this problem in the past, but I either didn't find any fix since then or we forgot about it.
@degon We're using State.DISABLED vs State.ERROR to distinguish between unrecoverable and recoverable error states. While this works, State.DISABLED is not communicated as well as State.ERROR through the GUI. Is there any better canonical behaviour on how to report fatal problems during initializations (or post-initialization)? I tried raising an exception, but I just get the same unreadable stack trace as before this PR in framework code. It might be nice to have separate error states for this, both communicated as an error in karabo-gui while allowing for differences in the state machine.
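
The control flow from the PR description, as an added sketch that is not code from this project: start-up checks the device state after each step and stops before _inject_managed_keys() when _check_servers() reported a fatal problem. The ManagerSketch class, its constructor arguments, the server names and the INIT/ACTIVE states are assumptions; only the method names and the ERROR/UNKNOWN states come from the thread.

```python
from enum import Enum

class State(Enum):
    INIT = "INIT"        # assumed for this sketch
    ACTIVE = "ACTIVE"    # assumed for this sketch
    ERROR = "ERROR"      # recoverable, as in the thread
    UNKNOWN = "UNKNOWN"  # unrecoverable, as in the EDIT above

class ManagerSketch:
    """Hypothetical stand-in for the manager device, not the project's class."""

    def __init__(self, servers, reachable):
        self.servers = servers           # webserver names the manager uses
        self.reachable = set(reachable)  # constructed probe result
        self.state = State.INIT
        self.status = ""
        self.managed_keys = {}
        self.steps_run = []
        self._initializing = False

    def _set_error(self, msg):
        self.state, self.status = State.ERROR, msg

    def _set_fatal(self, msg):
        self.state, self.status = State.UNKNOWN, msg

    def _check_servers(self):
        missing = [s for s in self.servers if s not in self.reachable]
        if missing:
            # Fatal during start-up, recoverable once the manager is running.
            report = self._set_fatal if self._initializing else self._set_error
            report("unreachable webservers: " + ", ".join(missing))

    def _inject_managed_keys(self):
        # Depends on every server having answered; skipped after a fatal step.
        self.managed_keys = {s: f"key-for-{s}" for s in self.servers}

    def onInitialization(self):
        self._initializing = True
        try:
            for step in (self._check_servers, self._inject_managed_keys):
                step()
                self.steps_run.append(step.__name__)
                if self.state is State.UNKNOWN:
                    return  # abort: the remaining steps need this one
            self.state = State.ACTIVE
        finally:
            self._initializing = False
```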