rework the authenticate_user api - now it is read only (will run on webheads) and will call over to dbwriter if and when bcrypt password update is in play.  This shifts the majority of authentication compute cost over to webheads from secure webheads - closes #560

repairing load_gen - issue #504 - update pathing, alter fake_verification WSAPI to query the database rather than to use email interception (which no longer works)

disable request parsing/validation on browserid (aka "webhead") - all will be performed on the dbwriter (aka "secure webhead") - issue #460 (NOTE: request validation on webhead too requires a better session cookie implementation)

initial implementation of request forwarding, cookies set from dbwriter are still not being properly passed through - issue #460

improve per-process informational debug output about what WSAPIs are supported, their requirements, and how they are handled (forwarded or handled locally?) - issue #460

This reverts commit 019857e3.

add the dbwriter process.   it's not yet hooked up, but starts up and runs, and included in health check.

reorganize browserid process - break out view serving and wsapi handling.  preparation for dbwriter split.  issue #460