Add basic test framework for the Angular app

Also refactored the directive to remove the dependency on the
controller. The ng-model attribute is still required but only to set
the scope.

Using Karma, Angular Mocks, Chai and Sinon.

Improve debug toolbar integration

Restore default view to 'Screen'

As a part of the fix for #1231 in commit
https://github.com/hypothesis/h/commit/f66448fc3b2d1e07cbb491db73367b4b69e5f9a6
the default view was change to 'Document' from 'Screen'
but the annotations were not loaded into the sidebar as supposed
for 'Document' view, because the applyView was called before
the annotations were loaded.

Since it'd take effort to correctly implement Document view update
when the store loads new annotations, it is feasible to return
to the original 'Screen' view, which works well, because
views are planned to be refined, maybe redesigned.

Fix #1276

Delay authentication timeout on scope updates

WebSocket tweaks

Fix #1286

It makes a lot more sense to start the websocket connection as soon as
the session is loaded, rather than using an arbitrary delay time of
five seconds.

Fix two issues with the authentication timeouts.

- Fix #1284, the regression causing resets to always occur, introduced
  by e4f32116fe5f266e2030a666f5cc912b6b3df308
- Flash a message when the reset happens. Close #1280
- Increased the timeout to five minutes, as per suggestion by @dwhly

Improved form errors

Update uri mapping, use match query

ES Query_type is introduced as an option for our stream filter.
This way the streaming backend can generate our regular,
query_string and match query.

Our uri field will use match query for perfomance improvement

To move away from ES query_string, new mapping for the uri fields
should be introduced.

For the index_analyzer we use the pattern_capture filter to be
able to split the uri field to our desire.

This is a step better than flash messages. It could be reworked to
inline above the submit button, or elsewhere, easily by changing the
template.

It's clearer if the form clears itself through a reset rather than
waiting for it to happen later. This has the advantage of getting
the password out of reachable memory sooner.

Extending the scope rather than erasing its keys and replacing it
with the base scope means the Auth controller can clear the form
fields without clearing the session data in the scope.

Fix regressions in auth errors and state resume

Refactor the reset scope event for quicker app startup and stop
using the reserved prefix that angular uses.

- Rename $reset to reset
- At the App controller, invoke the initialization code immediately
  rather than broadcasting an event. Every component should start
  by initializing itself rather than waiting for an event to be
  broadcast.

Fix two recent regressions with authentication. The first is the lack
of form error reporting. The second is the issue that ongoing highlight
mode switches and edits don't proceed after login.

- Unify all the interceptors related to sessioning. The interceptor for
  flash messages, csrf, and extracting the model from the session view
  responses is now all in session.coffee. This is better because it
  means other requests that don't return data in the same format aren't
  processed by these interceptors. It also makes it clearer which data
  the interceptors are processing; the CSRF interceptor may have been
  broken because the flash interceptor was discarding the data outside
  the model object.
- The CSRF interceptor was also not returning a rejected promise on
  errors. This mistake caused the errors not to be propagated to the
  Auth form controller. Fix #1266.
- The interaction between the Auth controller, session model changes,
  and scope resets is improved. The timeouts on the auth sheet are
  fixed so that they don't lose the ongoing mode switches and edits
  when the sheet is closed. Fix #1214.

Re-jig the integration tests 

This is now used as the primary platform for functional tests until
we can get Sauce Labs running reliably.

Fix failing annotator login test on OSX

Without this change, clicking highlight mode and then dismissing the
authentication without logging in will make it so that one must click
it twice to trigger the behavior again.

Make "make clean" compatible with OSX

Until we start packaging and releasing a version with pre-built
assets, these are needed at runtime.

Add Java installation instructions to INSTALL.OSX.rst

Manage frontend dependencies with npm

This allows us to install all but compass locally in the project rather
than relying on global executables.

Part of #1231

Had inconsistencies with tag and tags.
Unwanted console.log was also removed

Fixes #1267