Fix "IE doesn't keep you logged in between restarts (or page reloads)" problems by disabling cookie check in iframe.  issue #2218 & issue #2183

improve i18n of main site - strings for translators should not include site implementation details (links, ids, etc) - this prevents accidental breakage and allows us to change our ids and links without requiring retranslation.  closes #2093

When a secondary email is verified, make sure its verified bit is set to true.  Lots of cleanup for readability.

When the verification poll completes, if the user is not currently authenticated to the "password" level, use the staged password to authenticate the user.

If user never entered a password, kick them over to the enter your password screen.

Rather than going straight to the quick setup, we should link to somewhere that
gives a little more context.

* to page_helpers.emailSent, add a new input paramter - pollFuncName.  The poll functions are unique for each type of email sent.

* Generalize and cleanup unit tests

* This is still not pretty, but it is a safe for hotfix into staging. This makes the unsupported dialog and cookies disabled screens look equivalent to the current prod.

cherry picked from the stage hotfix - 977706bc288660a5b40c5ea58001fc9bba4fda90

<%- is an alias for <%=.

Update one unit test so all frontend tests pass.

adorn confirmations on main site (like 'd00d, sure you wanna cancel') with gettext() for proper extraction and substition

'or' was not gettext() decorated in index.ejs - allow a translator more control over the whole phrase

gettextify the last portion of the about page.

Cachify the logo as well.

issue #1999

extensive testing of i18n mechanism - including english fallback, string substition from .json files, and debug locale

new KPIs in the event stream:
* authenticate.enter_password
* authenticate.password_submitted
* authenticate.password_success
* authenticate.password_fail

Added a couple of new testHelper functions, expectedMessage and unexpectedMessage

* in each top level layout or ejs template, include a link to a partial that contains the license.
* The bottom of the license contains a link to the repo and the current SHA's commit.

* Only show a hint if it is not already shown.

Never set a future expiration date, to delete the cookie set an expiration date of yesterday.

they are no longer separate timeouts, nor do they start at
slightly different spots in the code.

The countdown starts at the end, and only once the countdown
reaches 0, does the redirect take place.

fixes #2007

this makes sure callbacks for animations truly are called only
after the animation has finished. before, it'd be possible to trigger slightly ahead because of setTimeout tomfoolery