implement complete_reset, stage_reset and refactor database code to support this addition, add tests

require authentication on complete_* wsapis to reduce risk now that password is provided before email verification.  issue #290 and a pre-requisite for issue #1000

  * all database functions return an err as the first param which is non-null for failure.
  * all wsapis handle database errors and return service unavailable to client.
  * stalled-mysql-test implements unit tests to verify proper failure behavior of all wsapis.
  * configuration parameter added to define max allowed time per query

update all database apis on the JSON side to interact in terms of user ids as the primary identifier rather than an email address.  first step toward migrating to userid in sessions instead of email addresses to solve issue #388 (and others like it) and pave the way for primaries

email_for_token now returns whether the user must set a password to finish adding an email to their browserid account.  also write (failing) tests for imminent changes to complete_email_addition api.  also refactor db layer, adding haveVerificationToken to move code off of emailForVerificationToken that only cares about whether a verification token exists or not.  whew.

SCHEMA CHANGE: password is now nullable in schema.  also, add .createUserWithPrimaryEmail and .emailType to db abstractoin

remove the deep __heartbeat__ checks performed from browserid (the webhead), while dbwriter should ping the database to ensure health - closes #566

move generation of ephemeral database names (used in perf/unit testing) to a higher level and out of core code.  also, emphemeral database cleanup is now a responsibility of the harness running the software (test harness, or run_locally.js).  This fixes race conditions in unit tests that restart daemons (closes #557) and simplifies running local performance tests (issue #504)

repairing load_gen - issue #504 - update pathing, alter fake_verification WSAPI to query the database rather than to use email interception (which no longer works)

reorganize browserid process - break out view serving and wsapi handling.  preparation for dbwriter split.  issue #460

implement throttling on outbound emails: don't send emails to the same address more than once per minute - issue #430

implement dynamic bcrypt work-factor update so we can scale this up or down as we seek the optimal security/performance balance

remove obsolete syncEmails functionality from persistence layer, tests, wsapi, and client libraries.  with certs the logic is much simpler and more efficient

test harness now tries to shut down gracefully.  this allows cleanup to occur (i.e. of database when running in a test mode)

find instances of console.log() and send them to the logger instead, when running under dev harness also route to console.  issue #169

add an explicit db.open() call which will provide the hook for passing configuration information into the db layer

basic testing of all db.js apis complete, also completed implementation of identitysync to check installed pubkeys.

consolidate db.checkAuth and db.checkAuthHash - move all bcrypt knowledge out of the persistence layer