added conformance tests.

tests should now pass
updated to jwcrypto that has proper callback delay guarantees and removed unnecessary setTimeouts

Updated all calls to jwcrypto to use the more intuitive API. Fixed a front-end test that was failing due to true asynchronicity of jwcrypto.

Ensure the cookies disabled check does not run on /tos, /about or /privacy

Fix the global variable introduced and other JSHint errors.

* Create a list of pages where the cookie check should be run.

issue #1514

issue #1521

unbreak auto-deployed dev by updating deployment image - previous had a database pre-created which is no good when we change the schema.

wsapi code cleanup: always name the response 'res', never 'resp'.  also fixes several bugs in error handling code.  closes #1277

closes #290, closes #1000

don't require that a user re-enter their password in dialog after email verification in a different browser.  Because the user just typed their password, attempt to authenticate them in the verification originating browser via the API.  If that works, then automatically log them in

* user.js: Update verifyEmail and verifyUser to take a password.
* network.js: Update completeEmailRegistration and completeUserRegistration to take a password.
* Replace verify_email_address.js and add_email_address.js with a single verify_secondary_address.js to reduce duplication.
* Update the templates.
* Bring back verify_email_address and add_email_address templates, but remove the verify password field.
* To dom-jquery, add show, hide functions.

unit tests which excercise verification of emails in a "different browser" from whence verification is initiated

require authentication on complete_* wsapis to reduce risk now that password is provided before email verification.  issue #290 and a pre-requisite for issue #1000

remove delay in primary-then-secondary test that was introduced in issue #1445 and is no longer neccesary with the movement of password selection to dialog

* /wsapi/complete_email_addition no longer has to bcrypt the password, so the previously mentioned race condition should be a thing of the past.
* in pages/start.js, signUp is now a module so it has to be started.
* in controllers/actions.js doEmailConfirmed is no longer an action and is no longer needed.

* Move #thisIsNotMe button handler from the page_module to pick_email.
* Remove extra tests for the authenticate controller.
* use the alias for BrowserID.User in helpers.js
* Add password fields to the forgot page.

* helpers.addEmail triggers either "primary_user" or "add_email_submit_with_secondary"
* Add states to the stage machine to handle add_email_submit_with_secondary to either set a password or stage the user.
* Add two helper functions in storage.js, addPrimaryEmail and addSecondaryEmail

* Verify the user without checking for passwords on the verification pages.
* Update /wsapi/stage_email to take a password.
* Remove the password fields of the verify page forms.
* Set the password when adding an email address.

* Update the "stage_user" and "stage_email" to take a password where appropriate.
* Remove pass from calls to "complete_user_creation" and "complete_email_addition"
* Update database drivers to set the account password where appropriate.
* Update unit tests.

* Remove the forgot_password controller, templates, tests, etc.
* Update authenticate to trigger "new_user" with rehydration info
* Update set_password to be able to handle resetting passwords as well.
* Update the state machine to handle password setting or resetting.

* Update set password to handle either initial password set or a password reset
* Update network/user.js to handle passwords when creating new users or resetting passwords.

Change the order of assertion generation to be after the user is asked "is this your computer?"

Update remaining reset_password test to deal with new flow when the user confirms the address.

* This fixes a problem where it is possible that a user takes more than 2 minutes to answer, making the already generated assertion invalid.
* A lot of general cleanup of the state machine.
* Push all post email selection flows to a new state, "email_valid_and_ready" which decides whether to ask the user the computer ownership status.
* Assertions are generated after the "is this your computer" is asked.
* doEmailChosen is replaced with doGenerateAssertion - there were multiple calls to generate an assertion, not very DRY.
* Fix a problem in network.js where a user who completes user registration should be marked as authenticated.
* rename email_chosen.js to generate_assertion.js to clarify its purpose.

issue #1460

Fix reset password completion not generating an assertion.

issue #1508

IE6 and IE7 fixes for the unsupported dialog.

Fix IE6 and IE7 throwing exceptions in the communication iframe.

issue #1496

* include.js - check to ensure the browser is supported before setting up the communication_iframe.  Adding the iframe in unsupported browsers will cause an exception within the iframe.

issue #1390

Conflicts:

	resources/static/include_js/include.js
	resources/static/shared/storage.js