Updating the contribute URL to https://github.com/mozilla/browserid/blob/

Updating the contribute URL to https://github.com/mozilla/browserid/blob/master/browserid/static/users.html

update tutorial now that the verifier returns the unpacked assertion, and address thunder's concern about providing sample code for the server in client side javascript.  closes #32

if you can verify an email, you can take ownership of it.  this should trigger some fun conversations with thunder. closes #36

move to bcrypt for password hashing and storage.  This satisfies @benadida's crazy paranoia, so it closes #35.  In other news, the 'forgot password' flow is now complete (this change solves the case where you forget your password for an email and reset it with precisely the same password --- because auth is salted, the registration_status call will delay 'complete' until you actually click through.  tl;dr; - closes #18

fix registration_status - now it's more sophisticated.  in case you're adding an email it needs you to be authenticated and checks that the same user owns both emails addresses.  in case you're verifying or re-verifying an email to creat an account it checks to see if the new credentials you provided work yet (transition only occurs when you click through the email link.  all tests passing again.

test the snot out of registration status.  two tests failing (re-registration of an existing email prematurely succeeds (*before* verification).

break outbound email interception into a separate library - more capturing of commonality for browserid tests

working stub for registration status.  incidentially, at present, this is the fruit of refactoring, a minimal test stub that gets a browserid server up and running and ready for testing

first attempt at standalone tests for the browserid server - startup, simple HTTP transactions, shutdown

added email config to make testing email easier - be careful on production. Fixed sub-bug in db.js, callback not returned.

a re-thinking of forgotten password flow and partial implementation (for the purposes of initial launch, forgotton password flow is a re-verification of email, and it will require re-verification of other emails as well)