Issue 2254 runpy enhancements

* Use termsOfService over tosURL and privacyPolicy over privacyURL
* Check for renamed/deprecated tosURL and privacyURL.
* Check for deprecated requiredEmail.
* Check for renamed loggedInUser/loggedInEmail

Fix users who enter wrong email address, cancel, enter correct email address then forgot password.

Conflicts:
	.gitignore
	ChangeLog
	lib/email.js
	package.json
	scripts/browserid.spec

* Add the notion of momentos to the state machine so that back properly works.

* Use termsOfService over tosURL and privacyPolicy over privacyURL
* Check for renamed/deprecated tosURL and privacyURL.
* Check for deprecated requiredEmail.
* Check for renamed loggedInUser/loggedInEmail

Deprecate silent option + ensure the callback is only called once for navigator.id.get with the silent: true option.

move hash update later in authenticate_user call, as session cookie must be updated for bcrypt hash update to succeed.

Since MySQL TIMESTAMP is quantized to whole seconds, also change tests
to add a 2s stall before changing the password, to make sure
lastPasswordReset gets a new value.

This honors the preceding comment about not gratuitously expiring
innocent sessions. Somehow this clause got lost as I was
merging/rebasing this function.

Specifically this should reduce the work needed by the
'authenticate_user' call by one DB read.

All wsapi operations now require the database (to update+check the
superSessionToken), so some tests that previously expected operations to
succeed without a database now expect them to fail (generally 503).

wsapi_client.js was changed to pass HTTP errors during
/wsapi/session_context back to the caller, so their response code can be
checked, rather than throwing an error (and preventing any other
assertions from being made).

With this change, existing session cookies are invalidated when the user
changes their password. This will also support a "log me out of
everywhere" button, which merely needs to update the superSessionToken
as if the password was changed.

This adds .superSessionToken to all sessions in
wsapi.authenticateSession, and checks it against the database row in
during a new checkExpiredSession() call (run for all /wsapi requests,
both GETs and POSTs).

All database methods which create an account or modify the password were
changed to also set .superSessionToken (to the current time).
updatePassword() added an 'invalidateSessions' argument so passwords can
be rehashed (when the bcrypt work factor changes) *without* invalidating
sessions. Finally, the database added a new method named
superSessionToken() to retrieve the current value, for comparison in
checkExpiredSession().

wsapi/update_password.js is changed to add a call to authenticateSession
after changing the password, to update the cookie with the new
.superSessionToken. This ensures that the user's new session works on
the next call after update_password.

Database rows that don't have a superSessionToken (created before the
code was upgraded to include this change) will not enforce
session-checking, so user sessions will not be spontaneously expired
when the server is upgraded past this revision.

This makes it possible to test two distinct sessions at the same time,
needed to exercise expiring one session when the password is changed in
a second session.

After the user is authenticated, we might update the hashed password if
the bcrypt work factor has been changed. To simplify the code in
preparation for later changes, this patch extracts the updateHash() code
out to a separate function.

Note that this function must run *after* the `res.json()` call for two
reasons. The first is to avoid slowing down the client (send answer
first, do work later). The second is to get the right session cookie
into the POST that we send to ourselves (to /wsapi/update_password) that
does the actual hash updated. The session is updated in
wsapi.authenticateSession, but the cookie isn't regenerated until the
call to `res.json()`, and the POST is sneakily grabbing the cookie out
of the response's Set-Cookie header to copy into the request-to-self.

This includes an error-handling argument to the callback.

Adding a deprecation warning for navigator.id.getVerifiedEmail

* Show a console.log message that silent has been deprecated.
* Bring over some helper functions from PR #2228 to check for deprecated options, print console messages.

Add a console message if only one of privacyPolicy or termsOfService is defined.

Adding @seanmonstar's suggestion to the PR which already got a "looks good from here"

close #1438