added conformance tests.

tests should now pass
updated to jwcrypto that has proper callback delay guarantees and removed unnecessary setTimeouts

Updated all calls to jwcrypto to use the more intuitive API. Fixed a front-end test that was failing due to true asynchronicity of jwcrypto.

* Update the "stage_user" and "stage_email" to take a password where appropriate.
* Remove pass from calls to "complete_user_creation" and "complete_email_addition"
* Update database drivers to set the account password where appropriate.
* Update unit tests.

fixed check for site parameter, it should be an origin not a domain, and fixed all tests accordingly. Was careful not to screw up the verifier tests that are testing for old parameters to the verifier.

API changes for public terminals/shared computers, and update all tests
to post data using JSON rather than form encoding, as the front end now does.

fix unit tests - autenticate_user and cert_key now require a boolean 'ephemeral' value which will affect duration of authentication and certificate validity respectively.

update wsapi_client to return errors in the standard node convention.  update all clients.  fix several areas in loadgen where we were not properly handling errors.  improve informational output of loadgen failures.  closes #838 - helps with issue #784 - closes #785

more issue #598 - add test and fix for other places where exceptions leak out of JWCrypto and cause 500 errors rather than 200 failure responses.

fix race condition between token request and waiting for token, was causing test hangs.  closes #530

reorganize browserid process - break out view serving and wsapi handling.  preparation for dbwriter split.  issue #460

fix race condition between token request and waiting for token, was causing test hangs.  closes #530

WSAPI CHANGES: All server responses are now objects, makes some funky browsers happy and prevents certain attacks.  closes #217 closes #325

  * /wsapi/have_email now returns { email_known: <boolean> }
  * /wsapi/stage_user now returns { success: <boolean> }
  * /wsapi/user_creation_status now returns { status: <string> }
  * /wsapi/complete_user_creation now returns { status: <boolean> }
  * /wsapi/stage_email now returns { success: <boolean> }
  * /wsapi/email_addition_status now returns { success: <boolean> }
  * /wsapi/complete_email_addition now returns { success: <boolean> }
  * /wsapi/authenticate_user now returns { success: <boolean> }
  * /wsapi/remove_email now returns { success: <boolean> }
  * /wsapi/account_cancel now returns { success: <boolean> }
  * /wsapi/logout now returns { success: <boolean> }

Finally, introduced middleware to ensure that resp.json() is not called with anything other than an object.

WSAPI CHANGES in preparation for new UX flows, specifically where you provide a password AFTER verifying emails.

  * stage_user no longer takes a password
  * after calling stage_user, you can poll status with user_creation_status
  * instead of 'prove_email_ownership', you call 'complete_user_creation' and provide a password
  * add_email is now 'stage_email'
  * after calling stage_email, you can poll status with email_addition_status
  * instead of 'prove_email_ownership', you call 'complete_email_addition' and provide a password
  * stage_* and complete_* calls are POST
  * *_status calls succeed continuously (not only once)

remove obsolete syncEmails functionality from persistence layer, tests, wsapi, and client libraries.  with certs the logic is much simpler and more efficient

now that jwcrypto is a node module, we shall change the way that we include it (ie jwcrypto/vep rather than by relative path)