* Useful for when running unit tests on testmob.org.  Unit tests and code need to be embedded in an iframe.

add access-control-allow-origin to all static resources (excluding views), to allow fonts to be requested cross domain.  fixes a regression introduced during the merge of router, for issue #1973

perform rigorous validation on all API parameters, cleanup redundancy in sanitize.js and validate.js - issue #1526

Signed-off-by: Lloyd Hilaiel <lloyd@hilaiel.com>

when serving non-minified resources, substitute urls in templates so once can locally test links embedded in templates (like persona tos/pp)

The `static` process has been added to handle cachable resources and views, so
code relevant to serving those resources has been removed from `browserid`.

The `router` heartbeat now depends on both `browserid` and `static` processes being ok.
`router` now forwards wsapi writes to `dbwriter`, reads to `browserid`, and errors on unkown
or internal wsapi requests. The wsapi setup for `browserid` no longer handles forwards, though
some wsapi operations may trigger a forward to `dbwriter`.

Change browserid.org urls to persona.org, introduce static.login.persona.org for all static resources.

update the http_forward module to allow global request timeouts to be set, use this to implement a 15s upper bound on requests for declaration of support in development.  This should fix unit tests

added conformance tests.

tests should now pass
updated to jwcrypto that has proper callback delay guarantees and removed unnecessary setTimeouts

Updated all calls to jwcrypto to use the more intuitive API. Fixed a front-end test that was failing due to true asynchronicity of jwcrypto.

Reusing staticPath in compress worker and making prefix configurable, removing DRY violation per llyod

when certifying secondary certs and the user has not confirmed their ownership of the given computer, certify with a short validity period

Adding disable_locale_check flag to skipping warnings for en-US without gettext files. Fixes Issue#1055