* Update the "stage_user" and "stage_email" to take a password where appropriate.
* Remove pass from calls to "complete_user_creation" and "complete_email_addition"
* Update database drivers to set the account password where appropriate.
* Update unit tests.

fixed check for site parameter, it should be an origin not a domain, and fixed all tests accordingly. Was careful not to screw up the verifier tests that are testing for old parameters to the verifier.

update wsapi to return a body of 'Bad Request: no cookie' when a CSRF check fails because no cookie was sent from the client - issue #835, issue #1056