* Not actually hooked up in the dialog yet.
* Need backend support.

* Added a new controller, primary_user_provisioned.
* Slimmed down user.provisionPrimaryUser so that it does not authenticate users.
* Using ADD_EMAIL and CREATE_EMAIL as the hash when redirecting back from an IdP as bits of state.

update verifier tests to use a real domain that doesn't have primary support for one of the negative tests.  network timeouts make tests run painfully slow.

Conflicts:
	resources/static/dialog/controllers/dialog.js

fix issue where when allowPersistent is true, and the user is not authenticated to browserid, they wouldn't be shown the 'keep me signed in' checkbox - closes #776 (presumably a regression introduce in f9ab1ba9 ?)

Improve in-source RP for testing.  Now you can fully specify the navigator.id.get() call without writing code - this is not an example for browserid implementors, but rather a local testing tool for browserid devs.  for testing of issue #776

* Renaming a bunch of the templates to use _ instead of camelCase.

* A lot of cleanup and test adding for handling primary users.
* Trying to genericize a lot of the message names and leave the state machine decide on state.
* Simplifying the ActionsMock in state_machine_unit_test.
* Loads of file renames to make easier to read.

* Hacktastic and minimal tests - loads of tests needed.
* Assume if the #EMAIL=<email> hash is specified on the URL, then try provisioning the user.
* Fixed all previously broken, non-completing tests.
* Added several new controllers - email_chosen, provision_primary_user, verify_primary_user.

* Using address_info right off the start to figure out what to do with an email address.

* Before redirecting to the IdP, shut down all modules, close the channel.
* Update tests to pass from breakages.

* Use WinChan to open a new window to the primary.
* Add the idp_auth_complete page for the IdP to redirect back to.
* When the window closes, re-try to authenticate the user with the primary.
* Add a helper to show an error message.
* Add a WinChan mock.
* Update unit tests to handle the "need to authenticate with IdP" scenario.
* Update compression scripts for WinChan to be included on the main site.

* Match the text on the verify_user page.
* Add a new PageHelper function, replaceFormWithNotice.
* Replacing the specialized code in verify_email_address.js with above function.

move 'primary.js' - abstraction for interacting with primaries - down to lib/, now it's used by different processes

WSAPI CHANGES: implement auth_with_assertion wsapi.  this requires creation of a new create_account_with_assertion api on the dbwriter than cannot be externally invoked (though it still re-verifies assertions).  New mechanism added to wsapi.js to support this type of function (internal only wsapis)

implement support for verifying assertions issued by primaries for the purpose of logging into browserid

SCHEMA CHANGE: password is now nullable in schema.  also, add .createUserWithPrimaryEmail and .emailType to db abstractoin

when running locally, SHIMMED_PRIMARIES set for all daemons (so dbwriter can interact with primaries too)

* Adding a window Mock.
* Adding a new template for the "you've gotta verify" screen.
* Hooking up the logic to redirect - which closes the window.

* Add network.authenticateWithAssertion and related tests.
* On signup page, start the redirection code to verify with primary in new tab.
* in network.js, rename all the onSuccess to onComplete for clarity.
* Simplify tests for primary user provisioning while "not authenticated".
* Generate fake keys/certs in the provisioning mock.
* Save off the keypair/cert given to us by the provisioning frame before getting an assertion.
* Generate an assertion and log the user in on primary provisioning success.

API CHANGES: stub a new auth_with_assertion api for authenticating to browserid with assertions generated from primary issued certs, and implement a failing unit test.  now lets make it pass