Sandboxlib

- Fix blank screen when trying to log in as an identity that is connected to one or more accounts as a non-login identity.
- Oasis: Fix regression that prevented linking an identity to your account which had already been logged into in the past but never created any grains. In this case, the old empty account is supposed to be deleted so that the identity can be added to the current account, however the recent referral program notification that was sent to everyone caused these accounts to be considered non-empty and thus not elligible for auto-deletion.

- When you opeon a sharing invitation sent to you by user identity, and you are not currently logged in as that identity, you'll now get an informative message rather than "403 Unauthorized".
- Restoring a grain backup is now accomplished through a button on the grain list rather than the app list.
- The button to upload (aka sideload) an app spk has been moved to the side, since it tended to confuse people who didn't need it.
- When installing a new version of an app for which the appVersion hasn't changed, offer the option to upgrade existing grains. (Previously, the option was only provided if the appVersion was newer than existing grains. This primarily affects developers.)
- Accessibility improvements in sign-in menu.
- Consistently use the term "grain", not "file".
- Self-hosting: Give more helpful messaging when OAuth login configuration is auto-reset due to BASE_URL change.
- Self-hosting: Add ability to configure the server title and return address as used in, for example, login emails.
- Oasis: Notify everyone about the existence of the referral program.

- Refactored authentication framework. No visible changes.
- Improved UX for logging in as a dev user.
- On installing first app, highlight the "create grain" UI and explain how it works.
- Up/down now work for selecting chips in sharing UI.
- Sidebar tabs now have tooltips with titles (for when sidebar is shrunk).
- Fix `setPath` postMessage API when passed an empty string.

- Fix bug in new sharing interface where if you typed an email address but did not press "enter" to turn it into a chip, then tried to send the invite, nothing was sent.
- Oasis: Referral program page is now designed.

- Tweak wording of app update notification.
- Bug fixes for servers running demo mode (probably only Oasis).

- You can now share with other users "by identity" without ever creating a secret link (and thus you can avoid any chance of that link leaking). The sharing dialog implements an auto-complete interface for selecting such contacts. Only users who have previously revealed their identities to you will be shown. Note that e-mail invites to other users still generate secret URLs.
- When trying to link an additional identity to your account, if the identity already has an account, but that account is empty (no grains, no payment plan, etc.), Sandstorm will now automatically delete the other account so that the identity can be linked to yours. Previously, this situation reported an error saying that the identity couldn't be linked because it was already the login identity for another account. This was problematic because many users have logged in with various other "identities" in the past, causing those identities to have empty accounts attached.
- You can now set a custom splash page which people will see when they visit your server's home page while not logged in. Look under "advanced" in the admin settings.
- Icons for shared grains should now appear correctly in the sidebar (for new shares, at least).
- Oasis: Experimenting with showing payment plan selector on initial account creation. (You can still choose "free".)