return the string encoded JWT to the client, don't wrap it in a magic object as it might guide developers into trusting something that is untrustworthy.  closes #33

fix content-type of host-meta, which ultimately repairs the local testing setup (substitution is not performed on stuff that isn't text)

upon clicking 'this is not me', clear all text entry fields (catches the case where a user logs in and clicks said link all in the same session), issue #27

reduce the dialog size (and hence its perceived *weight*), and increase the size of some important phrases

fix test harness.  you really must jump through hoops to create a proper substition output filter in connnect.

don't reference external resources from browserid.org to not piss off SSL, and also a small pile of fixes to the testing harness -- specifically its handling of binary data, etc.