Remove the runtime switching between cookie and OAuth authentication.

As long as we are using Yarn as the official way to manage exact
versions of the client, ignore npm v5+ lockfiles in the source tree.

The client uses Yarn rather than `npm` for package management. Having
the npm v5 lockfile present creates opportunities for the npm and Yarn
lockfiles to disagree on which versions of packages to install.

This happened with 'babelify' (v6.x in the npm lockfile, v7.x in Yarn).

Add comments to clarify several issues raised during PR #554.

Also add a missing test case and a small cleanup for the function.

The conversion of start time and end time path params into query string
params is still not particularly robust but it is good enough for us to
do some initial testing in production.

embed internet archive videos

Send search URIs to other frames by postMessage()

Add support for receiving postMessage() requests from other windows or
frames and responding by sending the list of search URIs that the client
is using for the current document to search the Hypothesis API for
annotations.

This can be used by our LTI app to get the search URIs when the student
submits an assignment. The app needs the search URIs to later search the
API for the student's annotations.

Make re-fetching of annotations when the logged-in user ID changes work with OAuth

The sidebar had two separate watchers checking for a change in the
current user ID and focused group, each of which independently called
`loadAnnotations`. Therefore if both changed at the same time,
annotations could be loaded twice. This happens when logging out if a
private group was selected prior to doing so, since the group switches
to "Public" at the same time as the userid becomes `null`.

This commit fixes the issue by consolidating the check for a change in
group ID and a change in user ID into a single watcher. If either or
both change, `loadAnnotations` will only be called once.

Refetching of annotations when the logged-in user ID changes was
previously triggered by a complete reload of the `<sidebar-content>`
component via a `$route.reload()` call. This happened in response to a
`USER_CHANGED` event except for the first time that the profile was
fetched.

When using OAuth this broke because the test for whether this was the
first profile fetch or not was based on a change from null => non null
CSRF token (see `isInitialLoad` initialization). When using OAuth
however, there is no CSRF token.

This commit reworks refetching of annotations to remove the route
reloading and instead trigger it in the same way that it is triggered
when frames connect or disconnect, by calling
`SidebarContentController#loadAnnotations` when the logged-in userid
changes.

Remove iframe size check

Since we now only enable annotation of iframes that are explicitly opted
in by the containing page, we can avoid checking the size of the iframe
as well. That check was originally added to filter out ads and hidden
iframes.

This resolves an issue with Epub.js where an iframe initially has zero
width. This is because book content is laid out into a variable number
of fixed-width columns and the iframe's width is set to the total width
of all columns. Until the content is loaded, the number of columns and
hence the width, is zero.

Stop exporting the main annotation layer object as `window.annotator`

The main application object in the code which runs in the host page was
made visible to other code on the page as `window.annotator`.

This export existed for legacy reasons (the client's Annotator.js
heritage), is not part of the public API of the client and we do not
make any effort to avoid breaking changes to it between releases.
Removing this export should prevent third parties writing code which
depends on its interface.

Adjust the preferred initial size of the OAuth popup window.

Fix timestamp tooltips in annotation cards

Rewrite viewFilter service and fix incorrect handling of any-field query terms in client-side search

Use profile display name in account menu

Add more vertical and horizontal space per the designs for what the
popup view should ideally look like [1], if the screen size is large
enough and the user agent permits it.

[1] https://github.com/hypothesis/product-backlog/issues/348

Timestamps on annotation cards are supposed to display the full date and
time in the tooltip. This didn't work because `ng-title` is not a thing.

Render display name in new annotations

Render the display name if set