add access-control-allow-origin to all static resources (excluding views), to allow fonts to be requested cross domain.  fixes a regression introduced during the merge of router, for issue #1973

The `static` process has been added to handle cachable resources and views, so
code relevant to serving those resources has been removed from `browserid`.

The `router` heartbeat now depends on both `browserid` and `static` processes being ok.
`router` now forwards wsapi writes to `dbwriter`, reads to `browserid`, and errors on unkown
or internal wsapi requests. The wsapi setup for `browserid` no longer handles forwards, though
some wsapi operations may trigger a forward to `dbwriter`.