implementation of interaction data collection

upgraded to new jwcrypto API, including backend, frontend, and tests.

merge latest dev into upgrade-jwcrypto branch, porting fixes to verifier's support of delegation of authority to new jwcrypto apis

Reusing checkSupport to implement delegatesAuthority in lib/primary. 

update the http_forward module to allow global request timeouts to be set, use this to implement a 15s upper bound on requests for declaration of support in development.  This should fix unit tests

Start the verifyEmailAddress page controller even if there is no token.

Updating documentation in cookiesEnabled to include Android 4.0 default browser still passing the cookiesEnabled check with cookiesDisabled.

close #1542

added conformance tests.

tests should now pass
updated to jwcrypto that has proper callback delay guarantees and removed unnecessary setTimeouts

Updated all calls to jwcrypto to use the more intuitive API. Fixed a front-end test that was failing due to true asynchronicity of jwcrypto.

Ensure the cookies disabled check does not run on /tos, /about or /privacy

Fix the global variable introduced and other JSHint errors.

Renaming kpi_backend_db_hostname and port to kpi_backend_db_url. Updated with KPIggybank endpoint, posting form data

* If the controller's "continuation" option is specified, start saving data immediately to localStorage.
* in start.js, look for CREATE_EMAIL and ADD_EMAIL on the window.location.hash. If this exists, the dialog session is a continuation.
* Add some more tests.

Other notable changes:
* Send old interaction data irregardless of whether the current dialog session is collecting data.
* Because of this above change, simplified storage regarding data.
* Make sure when sampling is enabled, data is saved.
* Make sure when sampling is disabled, data is not saved.
* Added tests to test expected flow.

To test:
* Make sure verification works if a valid token is given.
* Make sure error message is displayed if invalid token is given.
* Make sure error message is displayed if no token is given.

issue #1495

* Create a list of pages where the cookie check should be run.

issue #1514

issue #1521

unbreak auto-deployed dev by updating deployment image - previous had a database pre-created which is no good when we change the schema.

wsapi code cleanup: always name the response 'res', never 'resp'.  also fixes several bugs in error handling code.  closes #1277

closes #290, closes #1000

don't require that a user re-enter their password in dialog after email verification in a different browser.  Because the user just typed their password, attempt to authenticate them in the verification originating browser via the API.  If that works, then automatically log them in

* user.js: Update verifyEmail and verifyUser to take a password.
* network.js: Update completeEmailRegistration and completeUserRegistration to take a password.
* Replace verify_email_address.js and add_email_address.js with a single verify_secondary_address.js to reduce duplication.
* Update the templates.
* Bring back verify_email_address and add_email_address templates, but remove the verify password field.
* To dom-jquery, add show, hide functions.