fix bug preventing proper handling of old style verification links by new style code, documented exhaustively in issue #1592.

zero-change cosmetic cleanup of code.  make exit points explicit, and use curly braces consistently.

issue #1592 update complete_email_addition to accept a password in the case that email verification was started on a previous version of the software that didn't collect a password in-dialog

issue #1592 - update complete_user_creation to accept a password in the case that email verification was started on a previous version of code.

update the http_forward module to allow global request timeouts to be set, use this to implement a 15s upper bound on requests for declaration of support in development.  This should fix unit tests

added conformance tests.

tests should now pass
updated to jwcrypto that has proper callback delay guarantees and removed unnecessary setTimeouts

Updated all calls to jwcrypto to use the more intuitive API. Fixed a front-end test that was failing due to true asynchronicity of jwcrypto.

Renaming kpi_backend_db_hostname and port to kpi_backend_db_url. Updated with KPIggybank endpoint, posting form data

wsapi code cleanup: always name the response 'res', never 'resp'.  also fixes several bugs in error handling code.  closes #1277

* user.js: Update verifyEmail and verifyUser to take a password.
* network.js: Update completeEmailRegistration and completeUserRegistration to take a password.
* Replace verify_email_address.js and add_email_address.js with a single verify_secondary_address.js to reduce duplication.
* Update the templates.
* Bring back verify_email_address and add_email_address templates, but remove the verify password field.
* To dom-jquery, add show, hide functions.

modify interaction_data api to always return a quick success, update hub.js to add an .all() function that subscribes to all published events, interaction_data module now adds all published events to event stream

implement frontend interaction_data mechanisms, still require tests, event_stream population, and reduced UA information parsing

require authentication on complete_* wsapis to reduce risk now that password is provided before email verification.  issue #290 and a pre-requisite for issue #1000

* /wsapi/complete_email_addition no longer has to bcrypt the password, so the previously mentioned race condition should be a thing of the past.
* in pages/start.js, signUp is now a module so it has to be started.
* in controllers/actions.js doEmailConfirmed is no longer an action and is no longer needed.

* Update the "stage_user" and "stage_email" to take a password where appropriate.
* Remove pass from calls to "complete_user_creation" and "complete_email_addition"
* Update database drivers to set the account password where appropriate.
* Update unit tests.

* Remove the forgot_password controller, templates, tests, etc.
* Update authenticate to trigger "new_user" with rehydration info
* Update set_password to be able to handle resetting passwords as well.
* Update the state machine to handle password setting or resetting.

* This fixes a problem where it is possible that a user takes more than 2 minutes to answer, making the already generated assertion invalid.
* A lot of general cleanup of the state machine.
* Push all post email selection flows to a new state, "email_valid_and_ready" which decides whether to ask the user the computer ownership status.
* Assertions are generated after the "is this your computer" is asked.
* doEmailChosen is replaced with doGenerateAssertion - there were multiple calls to generate an assertion, not very DRY.
* Fix a problem in network.js where a user who completes user registration should be marked as authenticated.
* rename email_chosen.js to generate_assertion.js to clarify its purpose.

issue #1460