upgrade to bcrypt 0.2.4 and move to bcrypt async apis, this keeps us from blocking the web server thread and leverages the threading support in the bcrypt library for better compute throughput and responsiveness.

remove dead code.  we moved from cookie-sessions to connect-cookie-sessions.  we shouldn't have references to the former, and the latter does not throw exceptions when invalid cookies are encountered, so we don't need exception handling there.

switched to connect-cookie-session which looks a lot better, will probably require people logging back in, can't do anything about that.

update package.json with new dependencies.  update getting started instructions with how to use npm to install deps.  ref package.json from the README rather than duplicating information.  closes #60 (equivalent).