implement dynamic bcrypt work-factor update so we can scale this up or down as we seek the optimal security/performance balance

Beefing up tests for waitFor*.  Checking whether the returned status is 'complete', 'mustAuth', or 'noRegistration'

close #415

WSAPI CHANGES: All server responses are now objects, makes some funky browsers happy and prevents certain attacks.  closes #217 closes #325

  * /wsapi/have_email now returns { email_known: <boolean> }
  * /wsapi/stage_user now returns { success: <boolean> }
  * /wsapi/user_creation_status now returns { status: <string> }
  * /wsapi/complete_user_creation now returns { status: <boolean> }
  * /wsapi/stage_email now returns { success: <boolean> }
  * /wsapi/email_addition_status now returns { success: <boolean> }
  * /wsapi/complete_email_addition now returns { success: <boolean> }
  * /wsapi/authenticate_user now returns { success: <boolean> }
  * /wsapi/remove_email now returns { success: <boolean> }
  * /wsapi/account_cancel now returns { success: <boolean> }
  * /wsapi/logout now returns { success: <boolean> }

Finally, introduced middleware to ensure that resp.json() is not called with anything other than an object.

close #380

close #409

close #410

This allows the user to hit "enter" when only one email address is shown.  With only one email address, the radio button is not shown and we cannot submit the form.

close #412

If the user selects an invalid email address, show them an error message and re-display the valid email addresses.

The error message should be inlined, but I am going to open a new issue for that.

close #401.

In dialog_controller, if the passed assertion is null, email was not recognized or deleted, re-show the pick email.

issue #401

Warning the user, clearing all BrowserID stored info, and redirecting to main page when action is complete.

close #394

issue #137

close #404

close #405

certifyEmailKeypair, persistEmail, and persistEmailKeypair are no longer front facing but private.

removing confirmEmail, it was not used anywhere.

Renaming: waitForUserRegistration->waitForUserValidation
          emailRegistered->isEmailRegistered
          waitForEmailRegistration->waitForEmailValidation

Updating calls in the controllers.

Adding a test for isEmailRegistered with a non-registered email.

renamed:    ../../resources/browserid-errors.js -> ../../resources/error-messages.js
renamed:    ../../resources/browserid-network.js -> ../../resources/network.js
renamed:    ../../resources/browserid-identities.js -> ../../resources/user.js
renamed:    ../../resources/browserid-wait.js -> ../../resources/wait-messages.js
renamed:    browserid-network_test.js -> network_unit_test.js
modified:   qunit.js
modified:   storage_unit_test.js
renamed:    browserid-identities_unit_test.js -> user_unit_test.js

Updated all other files/tests accordingly.

fixing up removeEmail so that it does not pass on the removeEmail exception if email does not exist.

Cleaning up the unit tests so that we do not call clearStoredEmailKeypairs on every test but doing this in setup.

* renaming clearEmails to clear.
* Adding getEmail.
* removeEmail, invalidateEmail throw "unknown email address"
* add setSiteEmail, getSiteEmail.
* removeEmail will clear sites associated with that email address.

issue #1

The goal is to fade in the new screen over top of the old screen, and then remove the old screen.

Smoothing out just a tad, showing the initial "communicating with server" message, but it still jumps a tad bit.

Changing the android check from looking at the userAgent to checking for the failing JSON.parse(null).

This will capture a wider range of devices and checks for what makes things fail instead of one browser that can be faked.

If an email address is specified for authentication, fill it in and go to the password screen (if address is registered).

This finishes up #336, and also gets us ready for a site to be able to specify a preferred email address.

close #336.

Update the compression scripot to compress both CSS files into one.

Use a media query around the entire m.css file to keep it from being used for large screens.

Remove the extra "body" bits from the selectors, the extra specificity is no longer needed.

Manually including the CSS files in the document head.

Manually combining the CSS files into a single production CSS file.

In the mobile CSS file (m.css), wrapping all content in a media query.  Since this is the last bit in the production CSS file, we no longer need the "body" selector added to everything to gain specificity.  Removing "body" from the selectors.

Updating the compress script to do the right thing.

If the user validates a mail on a different browser than the one they registered the mail on, make them authenticate.

close #336

Instead have those elements already there and it's all the less work that we have to do.

issues #361, #346.