require authentication on complete_* wsapis to reduce risk now that password is provided before email verification.  issue #290 and a pre-requisite for issue #1000

* Update the "stage_user" and "stage_email" to take a password where appropriate.
* Remove pass from calls to "complete_user_creation" and "complete_email_addition"
* Update database drivers to set the account password where appropriate.
* Update unit tests.

  * all database functions return an err as the first param which is non-null for failure.
  * all wsapis handle database errors and return service unavailable to client.
  * stalled-mysql-test implements unit tests to verify proper failure behavior of all wsapis.
  * configuration parameter added to define max allowed time per query

update all database apis on the JSON side to interact in terms of user ids as the primary identifier rather than an email address.  first step toward migrating to userid in sessions instead of email addresses to solve issue #388 (and others like it) and pave the way for primaries

email_for_token now returns whether the user must set a password to finish adding an email to their browserid account.  also write (failing) tests for imminent changes to complete_email_addition api.  also refactor db layer, adding haveVerificationToken to move code off of emailForVerificationToken that only cares about whether a verification token exists or not.  whew.

move generation of ephemeral database names (used in perf/unit testing) to a higher level and out of core code.  also, emphemeral database cleanup is now a responsibility of the harness running the software (test harness, or run_locally.js).  This fixes race conditions in unit tests that restart daemons (closes #557) and simplifies running local performance tests (issue #504)

repairing load_gen - issue #504 - update pathing, alter fake_verification WSAPI to query the database rather than to use email interception (which no longer works)

purge all notion of 'pubkey' from json persistence layer, drastically simplifying the database structure

(mysql driver) when unit_test is specified at open time, we use a database with a random name, and clean it up upon cdb connection lose.

add an explicit db.open() call which will provide the hook for passing configuration information into the db layer

basic testing of all db.js apis complete, also completed implementation of identitysync to check installed pubkeys.

consolidate db.checkAuth and db.checkAuthHash - move all bcrypt knowledge out of the persistence layer

tests of db.isStaged, db.stageEmail, db.gotVerificationSecret, and db.emailKnown.  also add some documentation in db.js for various apis