require authentication on complete_* wsapis to reduce risk now that password is provided before email verification.  issue #290 and a pre-requisite for issue #1000

remove delay in primary-then-secondary test that was introduced in issue #1445 and is no longer neccesary with the movement of password selection to dialog

* /wsapi/complete_email_addition no longer has to bcrypt the password, so the previously mentioned race condition should be a thing of the past.
* in pages/start.js, signUp is now a module so it has to be started.
* in controllers/actions.js doEmailConfirmed is no longer an action and is no longer needed.

* Move #thisIsNotMe button handler from the page_module to pick_email.
* Remove extra tests for the authenticate controller.
* use the alias for BrowserID.User in helpers.js
* Add password fields to the forgot page.

* helpers.addEmail triggers either "primary_user" or "add_email_submit_with_secondary"
* Add states to the stage machine to handle add_email_submit_with_secondary to either set a password or stage the user.
* Add two helper functions in storage.js, addPrimaryEmail and addSecondaryEmail

* Verify the user without checking for passwords on the verification pages.
* Update /wsapi/stage_email to take a password.
* Remove the password fields of the verify page forms.
* Set the password when adding an email address.

* Update the "stage_user" and "stage_email" to take a password where appropriate.
* Remove pass from calls to "complete_user_creation" and "complete_email_addition"
* Update database drivers to set the account password where appropriate.
* Update unit tests.

* Remove the forgot_password controller, templates, tests, etc.
* Update authenticate to trigger "new_user" with rehydration info
* Update set_password to be able to handle resetting passwords as well.
* Update the state machine to handle password setting or resetting.

* Update set password to handle either initial password set or a password reset
* Update network/user.js to handle passwords when creating new users or resetting passwords.

Change the order of assertion generation to be after the user is asked "is this your computer?"

Update remaining reset_password test to deal with new flow when the user confirms the address.

* This fixes a problem where it is possible that a user takes more than 2 minutes to answer, making the already generated assertion invalid.
* A lot of general cleanup of the state machine.
* Push all post email selection flows to a new state, "email_valid_and_ready" which decides whether to ask the user the computer ownership status.
* Assertions are generated after the "is this your computer" is asked.
* doEmailChosen is replaced with doGenerateAssertion - there were multiple calls to generate an assertion, not very DRY.
* Fix a problem in network.js where a user who completes user registration should be marked as authenticated.
* rename email_chosen.js to generate_assertion.js to clarify its purpose.

issue #1460

Fix reset password completion not generating an assertion.

issue #1508

IE6 and IE7 fixes for the unsupported dialog.

Fix IE6 and IE7 throwing exceptions in the communication iframe.

issue #1496

* include.js - check to ensure the browser is supported before setting up the communication_iframe.  Adding the iframe in unsupported browsers will cause an exception within the iframe.

issue #1390

Conflicts:

	resources/static/include_js/include.js
	resources/static/shared/storage.js

Add a cookie check to most main site pages.

* The catch all will print a console log message if console.log is available.
* Adding helpers.log which prints to the console if console.log is available.

* signin, signup, forgot, add_email_address, verify_email_address.
* to user.js->checkAuthentication, call the callback if cookies are disabled.

issue #1418
issue #1484

issue #1485

Start the delay screen and disable form modules for the main site.