Overhaul horus view handling

Refactor the views module to limit code exposure to horus.

- Implement a view mapper that acts on the horus class-based form
  views to coerce the result to a dictionary. This mapper pulls most
  of the request and response munging away from the horus view logic
  overrides, which are left as simple subclasses. Page views for horus
  now fire login/logout events and work around eventray/horus#43 for
  password resets.
- Improve error reporting by showing flash messages only for colander
  errors, letting horus handle the rest. Remove corresponding hack in
  client-side flash handling.

IE doesn't have the document.baseURI property.
This workaround constructs the baseURI if not present.

This reverts commit most of 636651959f26671098e692a28fde147a835f6f23.
(I have left the changes to h/js/flash.coffee )

Close #479

Includes backport of openannotation/annotator#200 fix. Lines removed
from flash.coffee as they are now obsolete.

Now we have the potential for multiple sign-in.

Revisit the language of the auth tab blocks to remove the redundant
forgot and claim views.

Make the userName filter more useful by expanding it to a general
parameterized persona filter.

Don't send a new search request until the logout request has returned.

Instead of sending a token with the application view (which is really
more of a session state view), fetch it separately using the tokenUrl
option of the Auth plugin. Account for the case where known personas
could change in the future without invalidating the current persona
and reset the Auth plugin whenever the persona in use changes. Use the
persona parameter to the token endpoint to get the appropriate token.

The refresh function is not defined in the scope it's called in which
is why the event is necessary. However, unlike the original, the app
scope is used instead of the root scope because there's no need to
dispatch from the root scope here.

Since the token changes whenever the list of personas changes just
refactor the logic in the token watcher to cause exactly one search
to happen when the token changes without consulting a separate
property, simply by checking the tool state.

This reverts commit ca43ccc1d9559476f95c714c1b055194f03dd0c2.

These should have been added along with the rest in 8c7db59e05dd7757989f6b31a19edef6cfb686fd

Since the highlight code uses jQuery's .offset() we don't need to
factor in the wrapper offset.

Close #931

The root core of problem #1179 is actually an upstream problem. Our code is only necessary until we can consume the fixed version of annotator.

When we receive updated versions of existing annotations from the
other side of the bridge, not only merge those changes,
but announce them with the appropriate event, too.

Based on changes originally introduced here:
https://github.com/hypothesis/h/commit/1d4e9f32cc4f8c7db5ffdac7adad90e9cbf88db6#diff-5

In the past when we were switching users the previous user data has remained inside the Permissions.options.permissions object.
This way, our newly created annotations had all the previous logged in user's permissions in their permission list which wat totally wrong.
In this fix when logging in/out this options.permissions object is resetted too. (Along with the user)

Fixes #1179

Search each one individually. This was always the intent but the code
was wrong.

This is in preparation for adding these things to the site pages.

Close #1174

This eliminates the subscriber hack and allows us to use the check_csrf
view predicate in the future by making Angular send the header that
Pyramid expects.

Close #1172

And get rid of the resettable directive. Since Angular added the
`$setPristine` method, we can wrap the errors in a check that the
control is dirty.

This code doesn't do any DOM manipulation so its better kept as a
controller.

This simplifies the tests a little bit, maybe it will be more
robust???

Also seems like a useful thing to do anyway.