Conflicts:
	resources/views/verifyuser.ejs

close #845.

close #837

close #821

* the first button in the form would be clicked instead of the "submit" event, even if the first button is hidden.
* Changed the order of the DOM so that the correct button comes first in the DOM.

* primary - user who is authenticated, owns address, valid cert.
* primary - user who is authenticated, owns address, but invalid cert.
* primary - user who is authenticated, but does not own address.

Required email feels more "correct", still some work to do though for working with expired certs cleanly.

* Changed the state machine so pushing a state to the stack is optional.
* Changed the verify_primary_user screen to have an optional cancel button
* Updated required_email to handle primary verification of unauthenticated users.

It is now possible to sign in to BrowserID using a primary email even if the user is not authenticated to BrowserID.  Needs a lot of cleanup.

changed session over to benadida's node-cookie-session with encryption and signing of the cookie, closes #416, closes #832

more complete_email_addition tests.  if a password is set on the account, you may not reset it via the c_e_a api

perform password length checking everywhere a password is updated.  complete_user_creation now requires a 'pass' arg when the acct has no password (only primary accts)

email_for_token now returns whether the user must set a password to finish adding an email to their browserid account.  also write (failing) tests for imminent changes to complete_email_addition api.  also refactor db layer, adding haveVerificationToken to move code off of emailForVerificationToken that only cares about whether a verification token exists or not.  whew.

* Adding several helper functions to user to check auth status on primary.
* Adding lots of tests.
* Starting to update the required_email controller to work with primaries.

* Defer off to "primary_user" screen and let that take care of the rest.
* in user.js, formatting.

Fixing up a bunch of async problems that were causing the unit tests to error out.  Only call complete whenever jQuery animations are complete.

implement a 'maximum request time' for bcrypt work.  server now fails more gracefully under backbreaking load, returning 503s to clients of the authenticate_user api.  update loadgen to be less dramatic about, but still display, 503 errors.  first part of issue #787 - a partial fix for #785 in dere too

Conflicts:
	resources/static/test/qunit/shared/network_unit_test.js
	scripts/compress.sh

Upgrading jQuery to 1.7.1.  Fixes a crash bug in IE8 where loading browserid.org would cause IE to restart.

close #806

issue #803

close #810

close #819

Turn license URL in ToS into a clickable link (closes #382)

* Change the add_email_address page to be Module based.
* Show the site info always.
* Add User.tokenInfo which gets the email address and site for a token.
* Add page.checkRequired which checks an options block for required fields.
* Rename pages/browserid.js to pages/start.js

* All unit tests pass again.
* Renaming primary_user_verified to primary_user_ready
* Adding a random_seed to the context info to fix the unit tests and the adding of the seed.
* Renamed all ejs templates to match their URL.
* Each page unit test writes the ejs template that it needs to the DOM.