* Remove the signup page and all remnants of it.

* Useful for when running unit tests on testmob.org.  Unit tests and code need to be embedded in an iframe.

audit and simplify logic in email_for_token to return proper hint to frontend on whether they should get a password from the user and forward it along with the 'complete' request during verification process for acct creation, password reset, email addition, and email re-verificaiton

Rather than going straight to the quick setup, we should link to somewhere that
gives a little more context.

Ensure that when a user verifies in a different browser than what they reset their password with, they must authenticate to complete the verification

- Windows doesn't have signals, so process.on("SIGINT") throws
- changing process.env.PATH is a bad idea

add access-control-allow-origin to all static resources (excluding views), to allow fonts to be requested cross domain.  fixes a regression introduced during the merge of router, for issue #1973

defaulting on meant that even though it was
an optional dependency, it still blew chunks

Allow assertions issued by person to be used to authenticate.  This makes it possible for "proxy idps" to work without the implementation details leaking out into others verifier implementations.

also prevents error from require node-statsd if it wasn't installed,
but logs error if config says it should be enabled.

gettextify the last portion of the about page.

add test coverage of origins that start with digits, and relax validation regex a bit - closes #2042

extensive testing of i18n mechanism - including english fallback, string substition from .json files, and debug locale

* in each top level layout or ejs template, include a link to a partial that contains the license.
* The bottom of the license contains a link to the repo and the current SHA's commit.

perform rigorous validation on all API parameters, cleanup redundancy in sanitize.js and validate.js - issue #1526

Signed-off-by: Lloyd Hilaiel <lloyd@hilaiel.com>