improve documentation of mysql wrapper and associated tests, remove debug console output, fail slow queries rather than retrying, and add a statsd counter for failed_query

  * all database functions return an err as the first param which is non-null for failure.
  * all wsapis handle database errors and return service unavailable to client.
  * stalled-mysql-test implements unit tests to verify proper failure behavior of all wsapis.
  * configuration parameter added to define max allowed time per query

 /test now redirects to /test/ so that you can hit either url to run front end unit tests.  fixes backend unit tests. closes #1178

* Add a new view, cookies_disabled - this is displayed to browsers that do not allow access to localStorage when cookies are disabled (Firefox, Chrome, Fennec)
* Add localStorage check in include.js to check for browsers that do not allow write access to localStorage.
* Add a Javascript cookie check in network.js->cookiesEnabled using a test cookie with duration of 1 second so it is never sent to the server.
* Remove the old cookies_enabled check that was theorized to come from session_context - remove this from the XHR mock as well.

issue #835

vary session cookie name by public_url when public_url is not browserid.org - this addresses issues which affect testing with IE when cookies are set for both, diresworb.org and dev.diresworb.org.  closes #296.

update wsapi to return a body of 'Bad Request: no cookie' when a CSRF check fails because no cookie was sent from the client - issue #835, issue #1056

serve all views with cache headers requiring revalidation, varying by accept-locale, and *only* with an ETag but not last-modified (the two don't mix well, see rfc2616.  issue #620

* include.js points to include_js/include.js or production/include.js depending on environment.
* Added tests checking for correct responses to 'include.js' and 'include.orig.js'.
* Added missing tests for correct response for '/test' and '/test/'
* Remove the symlink to include.js
* Remove symlink update in compress.sh

issue #921

cache busting: add 'enable_code_version' configuration - when true return 'code_version' in session_context - also /production/XXX_vYYY.{js,css} calls now map back to /production/XXX.{js,css} - issue #226

add version.js - a small abstraction which extracts a 7char abbrev sha from the current source - issue #226

update wsapi_client to return errors in the standard node convention.  update all clients.  fix several areas in loadgen where we were not properly handling errors.  improve informational output of loadgen failures.  closes #838 - helps with issue #784 - closes #785

updated crazy verifier test to chop off last 2 chars from assertion rather than 1, due to base64 resilience that is not worth testing. Fixes #833

update all WSAPIs now that userid rather than email is stored in session after auth.  all tests pass on JSON database driver

update all database apis on the JSON side to interact in terms of user ids as the primary identifier rather than an email address.  first step toward migrating to userid in sessions instead of email addresses to solve issue #388 (and others like it) and pave the way for primaries

changed session over to benadida's node-cookie-session with encryption and signing of the cookie, closes #416, closes #832

more complete_email_addition tests.  if a password is set on the account, you may not reset it via the c_e_a api

perform password length checking everywhere a password is updated.  complete_user_creation now requires a 'pass' arg when the acct has no password (only primary accts)

email_for_token now returns whether the user must set a password to finish adding an email to their browserid account.  also write (failing) tests for imminent changes to complete_email_addition api.  also refactor db layer, adding haveVerificationToken to move code off of emailForVerificationToken that only cares about whether a verification token exists or not.  whew.

update verifier tests to use a real domain that doesn't have primary support for one of the negative tests.  network timeouts make tests run painfully slow.

API CHANGES: stub a new auth_with_assertion api for authenticating to browserid with assertions generated from primary issued certs, and implement a failing unit test.  now lets make it pass

SCHEMA CHANGE: add a bit to the email table describing whether emails are primary or secondary, update list_emails wsapi to return this, augment unit tests

changed generate to use nodejs crypto, added weakgenerate, added async support for generate, and added tests