add test_keys abstraction which generates test keypairs to be used (randomly) during load generation, issue #504

move generation of ephemeral database names (used in perf/unit testing) to a higher level and out of core code.  also, emphemeral database cleanup is now a responsibility of the harness running the software (test harness, or run_locally.js).  This fixes race conditions in unit tests that restart daemons (closes #557) and simplifies running local performance tests (issue #504)

repairing load_gen - issue #504 - update pathing, alter fake_verification WSAPI to query the database rather than to use email interception (which no longer works)

public and private keys explicitly read, whenever we can't read them we go down with a hard error: closes #581, related to issue #576

fix a bug in json.js db impl, re-read database from disk before responding to emailForVerificationSecret()

disable request parsing/validation on browserid (aka "webhead") - all will be performed on the dbwriter (aka "secure webhead") - issue #460 (NOTE: request validation on webhead too requires a better session cookie implementation)

initial implementation of request forwarding, cookies set from dbwriter are still not being properly passed through - issue #460

fix typo: complete_email_addition writes the database and hence should be forwarded to dbwriter - issue #460

improve per-process informational debug output about what WSAPIs are supported, their requirements, and how they are handled (forwarded or handled locally?) - issue #460

This reverts commit 019857e3.

don't log an error level message if the json database does't exist (yet), just a debug.  closes #509

add the dbwriter process.   it's not yet hooked up, but starts up and runs, and included in health check.

reorganize browserid process - break out view serving and wsapi handling.  preparation for dbwriter split.  issue #460

rework mysql connection logic: fixes create_schema flag and properly reconnects to database.  closes #548

everything else is filtered.  Things like Content-Encoding shouldn't be blindly
forwarded.

Also when forwarding responses,  ensure proper casing of headers.

issue #460

ensure that the internal code_update URL is hit *precisely* to reduce the risk of improperly configured servers and sloppy expressjs routing letting just anyone reboot a server.  bug #699171

implement graceful process shutdown, and clear logging as to the reason why processes are terminating.  include winston handling of uncaught exceptions.  this all goes into a library that all of our processes use.  closes #529

in production (dev/beta/prod) use a more conventional logging format that includes timestamps.  closes #234

ensure that the internal code_update URL is hit *precisely* to reduce the risk of improperly configured servers and sloppy expressjs routing letting just anyone reboot a server.  bug #699171