verifier now accepts parameters over POST in addition to GET, use of the former is preferred and user identifiable data out of http logs.  closes #96

return the string encoded JWT to the client, don't wrap it in a magic object as it might guide developers into trusting something that is untrustworthy.  closes #33

simplify verifier a bit to make it simpler to use either off the same domain as browserid.org OR on its own domain.

in source urls are now all (interim == eyedee.me) live, the test harness subs in testing urls & hostnames

fix crypto-stubs.js to include embedded versions of prng and rng, also improve RP output and fiddle with the JSAPI a bit.  now an assertion is represented as an object where .jwt is the signed jwt blob, and convenience keys are populated from the blob

take a step back.  remove the server component from the RP, just use static resources and cross domain XHR.  the in-repo test RPs should be as simple as possible