* Use WinChan to open a new window to the primary.
* Add the idp_auth_complete page for the IdP to redirect back to.
* When the window closes, re-try to authenticate the user with the primary.
* Add a helper to show an error message.
* Add a WinChan mock.
* Update unit tests to handle the "need to authenticate with IdP" scenario.
* Update compression scripts for WinChan to be included on the main site.

move 'primary.js' - abstraction for interacting with primaries - down to lib/, now it's used by different processes

WSAPI CHANGES: implement auth_with_assertion wsapi.  this requires creation of a new create_account_with_assertion api on the dbwriter than cannot be externally invoked (though it still re-verifies assertions).  New mechanism added to wsapi.js to support this type of function (internal only wsapis)

implement support for verifying assertions issued by primaries for the purpose of logging into browserid

SCHEMA CHANGE: password is now nullable in schema.  also, add .createUserWithPrimaryEmail and .emailType to db abstractoin

API CHANGES: stub a new auth_with_assertion api for authenticating to browserid with assertions generated from primary issued certs, and implement a failing unit test.  now lets make it pass

SCHEMA CHANGE: add a bit to the email table describing whether emails are primary or secondary, update list_emails wsapi to return this, augment unit tests

changed generate to use nodejs crypto, added weakgenerate, added async support for generate, and added tests

implement a more generic mechanism to enable local testing and development of primary support - allow SHIMMED_PRIMARIES to be provided which stuffs a auth url, provisioning url, and public key in our cache

implement 'address_info' wsapi that returns information about an email's current status.  who vouches for it, and if it's a secondary, is the email address known

implement a more generic mechanism to enable local testing and development of primary support - allow SHIMMED_PRIMARIES to be provided which stuffs a auth url, provisioning url, and public key in our cache

implement 'address_info' wsapi that returns information about an email's current status.  who vouches for it, and if it's a secondary, is the email address known

implement graceful shutdown of bcrypt compute processes.  fix bcrypt.get_rounds (was throwing an exception)

upgrade to a branch of statsd that lazily closes ephemeral UDP ports, so that we're not allocating one UDP socket per request when under load.  closes #680

(loadgen) fix subtle issue whereby a XXX@loadgen.domain users's password could be changed during load generation, and affect subsequent runs.  closes #681

(loadgen) fix bug in reauth activity.  in addition to clearing cookies, we must clear client state to cause re-authentication to occur.  maybe the cause for issue #682

remove process.exit() from loadgen upon email addition failure.  loadgen shouldn't stop till it reaches the top.

disable http agent in http_forward - it has been capping us at five simul forwarded requests per backend process (dbwriter, keysigner)