update all database apis on the JSON side to interact in terms of user ids as the primary identifier rather than an email address.  first step toward migrating to userid in sessions instead of email addresses to solve issue #388 (and others like it) and pave the way for primaries

email_for_token now returns whether the user must set a password to finish adding an email to their browserid account.  also write (failing) tests for imminent changes to complete_email_addition api.  also refactor db layer, adding haveVerificationToken to move code off of emailForVerificationToken that only cares about whether a verification token exists or not.  whew.

SCHEMA CHANGE: password is now nullable in schema.  also, add .createUserWithPrimaryEmail and .emailType to db abstractoin

remove the deep __heartbeat__ checks performed from browserid (the webhead), while dbwriter should ping the database to ensure health - closes #566

move generation of ephemeral database names (used in perf/unit testing) to a higher level and out of core code.  also, emphemeral database cleanup is now a responsibility of the harness running the software (test harness, or run_locally.js).  This fixes race conditions in unit tests that restart daemons (closes #557) and simplifies running local performance tests (issue #504)

repairing load_gen - issue #504 - update pathing, alter fake_verification WSAPI to query the database rather than to use email interception (which no longer works)

reorganize browserid process - break out view serving and wsapi handling.  preparation for dbwriter split.  issue #460

implement throttling on outbound emails: don't send emails to the same address more than once per minute - issue #430

implement dynamic bcrypt work-factor update so we can scale this up or down as we seek the optimal security/performance balance

remove obsolete syncEmails functionality from persistence layer, tests, wsapi, and client libraries.  with certs the logic is much simpler and more efficient

test harness now tries to shut down gracefully.  this allows cleanup to occur (i.e. of database when running in a test mode)

find instances of console.log() and send them to the logger instead, when running under dev harness also route to console.  issue #169

add an explicit db.open() call which will provide the hook for passing configuration information into the db layer

basic testing of all db.js apis complete, also completed implementation of identitysync to check installed pubkeys.

consolidate db.checkAuth and db.checkAuthHash - move all bcrypt knowledge out of the persistence layer

tests of db.isStaged, db.stageEmail, db.gotVerificationSecret, and db.emailKnown.  also add some documentation in db.js for various apis

initial stubbing of db.js tests, also generalize db.js so that the path where the database resides may be configured

if you can verify an email, you can take ownership of it.  this should trigger some fun conversations with thunder. closes #36

move to bcrypt for password hashing and storage.  This satisfies @benadida's crazy paranoia, so it closes #35.  In other news, the 'forgot password' flow is now complete (this change solves the case where you forget your password for an email and reset it with precisely the same password --- because auth is salted, the registration_status call will delay 'complete' until you actually click through.  tl;dr; - closes #18