Sandboxlib

- Fix blank screen when clicking through a share-by-identity email.

- Self-hosting: Fixed sending server invites by email (from the "send invites" tabh in the admin settings).
- Improved error message seen when static publishing TXT records are misconfigured.
- Improved error message when trying to send a sharing invite to an invalid email address.

- Expanded LDAP config for search-query-based user matching to support authenticating the search and adding a search filter. LDAP is nuts.
- Worked around bug in Chrome 50 which was causing app installs to sometimes fail complaining that no URL was provided.
- Worked around an unexplained bug observed in the wild causing Sandstorm to fail to load in a browser claiming "no such route", apparently when accessed from behind certain proxies.
- Worked around bug in libseccomp which could cause Sandstorm binaries built using older kernel headers to fail to filter newer syscalls, possibly making systems insecure. All of our releases have been built against up-to-date headers, so we don't believe our release builds have been affected.
- Fixed a case where "who has access" dialog could show users named "null".
- Self-hosting: STMP config has been broken out into components rather than using a "URL" format.
- Development: Restarting `spk dev` will now reload all grains of the app without the need to manually refresh.
- Internal refactoring of grain tab management.

- **Sandstorm for Work:** For self-hosters in a business setting. Initial release supports LDAP and basic organization managament. Requires a feature key to enable. See the "For Work" section of the admin settings.
- Your set of open grains will now be preserved through refreshes and closing/reopening the browser.
- The "home" button is now aligned with the sidebar and collapses with it, which maybe makes it clearer that the rest of the top bar is attached to the content.
- The file-open dialogs when uploading an SPK or a grain backup now filter for the desired file type.
- Offer templates can now substitute a sluggified grain title into the template body.
- Browser's autocomplete will no longer draw over sharing autocomplete.

- Fix non-token-specific API host, i.e. all API tokens created before 0.146.

- Fix new offer template unauthenticated host properties feature to support mapping resource paths containing periods. This was failing because periods are not permitted in Mongo keys.