update the http_forward module to allow global request timeouts to be set, use this to implement a 15s upper bound on requests for declaration of support in development.  This should fix unit tests

add a ping wsapi that's registered on all daemons and does a light weight test of database health - closes #1324

at authentication time, if the user has not confirmed ownership of a computer, set a shorter auth period.

Adding disable_locale_check flag to skipping warnings for en-US without gettext files. Fixes Issue#1055

  * all database functions return an err as the first param which is non-null for failure.
  * all wsapis handle database errors and return service unavailable to client.
  * stalled-mysql-test implements unit tests to verify proper failure behavior of all wsapis.
  * configuration parameter added to define max allowed time per query

vary session cookie name by public_url when public_url is not browserid.org - this addresses issues which affect testing with IE when cookies are set for both, diresworb.org and dev.diresworb.org.  closes #296.

don't require the user to sign in with a password as a side effect of using a primary email address.  closes #1049

update wsapi to return a body of 'Bad Request: no cookie' when a CSRF check fails because no cookie was sent from the client - issue #835, issue #1056

fix dbwriter crash on stage_email call.  move 'langContext' geration into a central location.  closes #936

updated to new version of client-sessions, renamed, and re-added connect-cookie-session for example primary

update all WSAPIs now that userid rather than email is stored in session after auth.  all tests pass on JSON database driver

changed session over to benadida's node-cookie-session with encryption and signing of the cookie, closes #416, closes #832

perform password length checking everywhere a password is updated.  complete_user_creation now requires a 'pass' arg when the acct has no password (only primary accts)

WSAPI CHANGES: implement auth_with_assertion wsapi.  this requires creation of a new create_account_with_assertion api on the dbwriter than cannot be externally invoked (though it still re-verifies assertions).  New mechanism added to wsapi.js to support this type of function (internal only wsapis)

rework the authenticate_user api - now it is read only (will run on webheads) and will call over to dbwriter if and when bcrypt password update is in play.  This shifts the majority of authentication compute cost over to webheads from secure webheads - closes #560

repairing load_gen - issue #504 - update pathing, alter fake_verification WSAPI to query the database rather than to use email interception (which no longer works)

disable request parsing/validation on browserid (aka "webhead") - all will be performed on the dbwriter (aka "secure webhead") - issue #460 (NOTE: request validation on webhead too requires a better session cookie implementation)

initial implementation of request forwarding, cookies set from dbwriter are still not being properly passed through - issue #460

improve per-process informational debug output about what WSAPIs are supported, their requirements, and how they are handled (forwarded or handled locally?) - issue #460

This reverts commit 019857e3.

add the dbwriter process.   it's not yet hooked up, but starts up and runs, and included in health check.

reorganize browserid process - break out view serving and wsapi handling.  preparation for dbwriter split.  issue #460