added email config to make testing email easier - be careful on production. Fixed sub-bug in db.js, callback not returned.

generate a persistent secret for cookie encryption at first server run.  still in pursuit of zero-config and as stateless as possible.

fix set_key wsapi on authority, now properly associates a NEW key with an EXISTING email address owned by the currently authenticated user

implement 'identity sync' which basically triggers client re-keying of identities that the server knows about but the client doesn't.  Also invalidates ids that the user has removed (probably on another device).  Also this is the proper place for revocation and key refresh to occur.  one transaction + one per key reset (though that could be consolidated)

implement polling in dialog and related wsapi in server, this is when waiting for email verification, subsequent to sign up