To test:
* Make sure verification works if a valid token is given.
* Make sure error message is displayed if invalid token is given.
* Make sure error message is displayed if no token is given.

issue #1495

unbreak auto-deployed dev by updating deployment image - previous had a database pre-created which is no good when we change the schema.

wsapi code cleanup: always name the response 'res', never 'resp'.  also fixes several bugs in error handling code.  closes #1277

closes #290, closes #1000

don't require that a user re-enter their password in dialog after email verification in a different browser.  Because the user just typed their password, attempt to authenticate them in the verification originating browser via the API.  If that works, then automatically log them in

* user.js: Update verifyEmail and verifyUser to take a password.
* network.js: Update completeEmailRegistration and completeUserRegistration to take a password.
* Replace verify_email_address.js and add_email_address.js with a single verify_secondary_address.js to reduce duplication.
* Update the templates.
* Bring back verify_email_address and add_email_address templates, but remove the verify password field.
* To dom-jquery, add show, hide functions.

unit tests which excercise verification of emails in a "different browser" from whence verification is initiated

require authentication on complete_* wsapis to reduce risk now that password is provided before email verification.  issue #290 and a pre-requisite for issue #1000

remove delay in primary-then-secondary test that was introduced in issue #1445 and is no longer neccesary with the movement of password selection to dialog

* /wsapi/complete_email_addition no longer has to bcrypt the password, so the previously mentioned race condition should be a thing of the past.
* in pages/start.js, signUp is now a module so it has to be started.
* in controllers/actions.js doEmailConfirmed is no longer an action and is no longer needed.

* Move #thisIsNotMe button handler from the page_module to pick_email.
* Remove extra tests for the authenticate controller.
* use the alias for BrowserID.User in helpers.js
* Add password fields to the forgot page.

* helpers.addEmail triggers either "primary_user" or "add_email_submit_with_secondary"
* Add states to the stage machine to handle add_email_submit_with_secondary to either set a password or stage the user.
* Add two helper functions in storage.js, addPrimaryEmail and addSecondaryEmail

* Verify the user without checking for passwords on the verification pages.
* Update /wsapi/stage_email to take a password.
* Remove the password fields of the verify page forms.
* Set the password when adding an email address.

* Update the "stage_user" and "stage_email" to take a password where appropriate.
* Remove pass from calls to "complete_user_creation" and "complete_email_addition"
* Update database drivers to set the account password where appropriate.
* Update unit tests.

* Remove the forgot_password controller, templates, tests, etc.
* Update authenticate to trigger "new_user" with rehydration info
* Update set_password to be able to handle resetting passwords as well.
* Update the state machine to handle password setting or resetting.

* Update set password to handle either initial password set or a password reset
* Update network/user.js to handle passwords when creating new users or resetting passwords.

Change the order of assertion generation to be after the user is asked "is this your computer?"

Update remaining reset_password test to deal with new flow when the user confirms the address.

* This fixes a problem where it is possible that a user takes more than 2 minutes to answer, making the already generated assertion invalid.
* A lot of general cleanup of the state machine.
* Push all post email selection flows to a new state, "email_valid_and_ready" which decides whether to ask the user the computer ownership status.
* Assertions are generated after the "is this your computer" is asked.
* doEmailChosen is replaced with doGenerateAssertion - there were multiple calls to generate an assertion, not very DRY.
* Fix a problem in network.js where a user who completes user registration should be marked as authenticated.
* rename email_chosen.js to generate_assertion.js to clarify its purpose.

issue #1460

Fix reset password completion not generating an assertion.

issue #1508

IE6 and IE7 fixes for the unsupported dialog.

Fix IE6 and IE7 throwing exceptions in the communication iframe.

issue #1496

* include.js - check to ensure the browser is supported before setting up the communication_iframe.  Adding the iframe in unsupported browsers will cause an exception within the iframe.

issue #1390

Conflicts:

	resources/static/include_js/include.js
	resources/static/shared/storage.js

Add a cookie check to most main site pages.