return an error to the client when we cannot contact the keysigner.  (was just leaving the connection to hang...)

update wsapi_client to return errors in the standard node convention.  update all clients.  fix several areas in loadgen where we were not properly handling errors.  improve informational output of loadgen failures.  closes #838 - helps with issue #784 - closes #785

close #699.

* Took some code from the signup page.
* Moved the "open primary auth" window to page_helpers.
* cleanup of authenticate.js and page.js.
* convert signin to be based on a Module.

* If the user is not authenticated to "password" authentication when they select a secondary email, make them sign in.
* Updaate required_email to do its own check for the user's authentication status.
* Update the unit tests to make sure we are all kosher.

explicitly call .removeAllListeners() during http forwarding to eliminate memory leak.  closes #839 (with extreme prejudice)

explicitly call .removeAllListeners() during http forwarding to eliminate memory leak.  closes #839 (with extreme prejudice)

* Update network/user to handle two level auth.
* Update tests that check authentication status to check for correct status.
* State machine checks for the correct authentication level for an email address.

document in code where two level auth affect apis, specifically where you'll need to be password authenticated, vs. where assertion auth (with a primary address) is sufficient

* When authenticating, since we no longer generate/sync keypairs, do the sync.
* Collapse cases in required_email so things are easier.
* Remove the doSyncAndPickEmail action, no longer needed.
* Update the state machine to assume that once a user authenticates, their emails are synced.

* To user, add canSetPassword, hasSecondaries.
* Add unit tests for these functions as well as setPassword.

updated crazy verifier test to chop off last 2 chars from assertion rather than 1, due to base64 resilience that is not worth testing. Fixes #833

(loadgen) fix bug that would leave virtual users with incorrect cookies in their device contexts after a password reset (still authenticated as th old user that they split from) issue #785

(loadgen) tons of fixes to handle request failures without mucking up the local user database - issue #838, issue #785, issue #787, issue #784

staging a new acct on a session logs you out.  clear the auth'd bit on the session when this happens to prevent errors that occur when the loadgen client thinks it's authed, but the server knows its not.  issue #785

when loadgen emits errors, indicate what activity was being performed when the error was encountered.

gracefully handle excessive load - all cases where bcrypt will take to long return 503, loadgen special cases 503 errors for better output.  closes #787

* Simplify the signature for checkAuthenticationAndSync by removing onSuccess.
* Simplify the user unit tests by using failureCheck.
* Add testHelpers.failureCheck which came from network.js
* Cleanup the user unit tests a ton.

* Added tests for the various flows in required_email.
* cache off address information, clean up required_email controller a bit.
* Add some error messages.
* User.addressInfo now returns whether the primary users are authenticated with their IdP.

* email_for_token now returns whether the user needs to set their password.
* complete_email_addition now takes a password if necessary.
* Update the add_email_address page to support scheme.
* Update network.js and user.js to support these schemes.
* HUGE simplification of the Network unit tests.  Vast reduction in number.

Setting "location=1" when opening the dialog so that all users see the URL bar and can have a level of trust.

close #847

* Put the user into the primary_email flow, which will do the provisioning/redirection.

close #844