Port stream-filter.coffee to JS and add tests, but only for the
functionality that we actually still use in the app. Following the
removal of support for real-time updates in the stream, the websocket is
only configured to filter by URI, annotation ID or reply IDs
("references") in the sidebar and standalone annotation viewer.

This was untested code, some of the last CoffeeScript in the sidebar
app, that supports a feature which gets little use.

The stream itself will still be available at https://hypothes.is/stream
but visitors will need to refresh the page to see updates.

Add service.groups setting to filter groups

This option is being added initially to support the LMS application
where it is important that students annotate in the correct group for
the course that the active assignment belongs to.

Wait for npm release to complete before deploying to CDN

Use build milestones to automatically abort old builds

npm packages are not immediately available after "npm publish" returns.
Wait until the package has been released before attempting to deploy it
to the CDN. This should fix the failure seen in
https://jenkins.hypothes.is/job/client/job/master/745/console.

Use milestones to automatically abort older builds when a newer build
reaches the same step of the pipeline.

This mirrors the use of milestones in h's Jenkins pipeline.

Add missing polyfill for IE 11 compatibility when annotating PDFs

This package was already depended upon indirectly but following the
previous commit is now a direct dependency of the client.

The `seek` function from the `dom-seek` package expects its
`NodeIterator` argument to have a `referenceNode` property, which is
missing in IE 11.

Use the dom-node-iterator package recommended by the dom-seek README [1] to
polyfill optional-ness of arguments to `document.createNodeIterator` and
the missing properties on the returned `NodeIterator` object.

dom-node-iterator provides several ways to use the polyfill. This commit
uses the method that prefers the browser's native implementation if possible
and does not pollute the global scope, which could affect JS code
outside of the Hypothesis client.

There is one other place where we use `createNodeIterator` but in that
context the missing properties are not used so the polyfill is not
needed.

Fixes #762

[1] https://github.com/tilgovi/dom-seek/blob/master/README.md

Fix "Log in" links in sidebar content area not opening login prompt.

The loggedout-message controller should bind onLogin. The sidebar-content
controller should also bind onLogin and call vm.login(). Prevously this behavior
was broken.

Fix IE 11 JS error which annotating PDFs.

Skip builds of automated commits on Jenkins

The `whatToShow`, `filter` and `expandEntityReferences` arguments for
`Document.createNodeIterator()` are mandatory in IE although optional
according to the spec.
Pass default values to fix JS console errors.

See: https://github.com/hypothesis/client/issues/762

As part of the deployment process Jenkins creates a new commit on master
in order to bump the npm package version.

There is no point in creating an automated build of these commits, which
can be identified by the commiter name.

Move remaining client release steps to Jenkins

When performing a Jenkins CI build of the "master" branch, prompt the
user to deploy and then after they approve, execute the same release
process that a developer currently executes on their machine, namely:

 1. Update the changelog
 2. Run "yarn version" to update the package version, create a tag and GitHub release.

After these steps the release process continues on Jenkins as before,
with an npm package published and the build deployed to an S3-backed CDN
using the s3-npm-publish tool.

Enabling publishing the release entirely from Jenkins required some
additional changes:

 - Use a Debian Stretch-based Node container, to get a newer Git
   version which supports "taggerdate", used by the changelog scripts.
 - Disable Git tag signing, since this is not set up on Jenkins.
 - Do not run "make test" from the preversion script, since this has
   already been run by Jenkins earlier in the process.

Additionally to facilitate testing of this branch I added support for
specifying a prerelease version suffix. This made it possible to test
the whole deployment process without updating the live version of the
client. In future this will likely come in useful for doing staging/QA
releases.

Modify `update-changelog.js` to generate the list of changes itself

Wrap "stage" contents in a block in Jenkinsfile

This fixes a warning from Jenkins that using `stage` without specifying
a block is deprecated.

In preparation for executing the client release process entirely on
Jenkins, make update-changelog.js automatically update CHANGELOG.md with
a list of changes since the most recent tag, instead of requiring a
developer to do this manually.

This will lose the advantages of having a changelog written by humans, but
we primarily use other channels nowadays to notify staff and users about
Hypothesis product changes.

 - Add scripts/generate-change-list.js which generates a nicely
   formatted list of changes since the last release.
 - Use functions from generate-change-list.js to auto-populate section
   for new release in CHANGELOG.md when running `yarn version`.

Update API route definitions used by tests

 - Update the API index definitions used by the tests for the `api` service
   to be in sync with the actual index returned by https://hypothes.is/api/.

 - Move the definitions into a separate file to make them easier to update in
   future and add instructions on how to update them.

 - Fix two errors in the tests; use of "PUT" instead of "PATCH" for
   updating an annotation and an incorrect parameter name in the API call
   to remove a group member.

Support serving the client over SSL in development

Use custom name for global `require` function

Following the conventions of the "h" project [1], the client's asset
server (localhost:3001) and demo page server (localhost:3000) will be
served over SSL if a certificate (".tlscert.pem") and private key
(".tlskey.pem") are found in the root of the repository.

This can be useful for testing the development client on pages served
over SSL without having to disable mixed content warnings in the
browser.

[1] https://h.readthedocs.io/en/latest/developing/ssl/