Sandboxlib

- Fixed regression introduced in v0.119 where `X-Sandstorm-User-Id` (as reported to apps) was computed incorrectly for email login users, causing apps to think the user was a different person than they were before the change. E.g. Etherpad would assign the user a different color from before. For some apps, this problem triggered app bugs of varying severity, such as Wekan making the board read-only and Laverna refusing to save changes. (Unfortunately, fixing this bug means that any grains created during the time when the bug was present will now show the same problems.)

- Fix formatting of app update notification.
- Add temporary debug logging aimed at diagnosing the rare event loop stalling bug which is apparently still not fixed.

- Fix regression where `spk dev` might fail to override normally-installed versions of the app. (Only affects development servers.)

- Fix bug causing intermittent timeouts in web publishing.

- Sandstorm now notifies you when app updates are available.
- A few days after installing Sandstorm, it will ask you for permission to send anonymous usage stats back to us. The stats sent are a subset of what appears at /admin/stats, so you can inspect them for yourself.
- Apps can now expose WebDAV APIs. This will soon be used to support Dropbox-like file sync.
- Large under-the-hood changes have been made towards the goal of supporting multiple login methods for the same account, but these changes should not yet be user-visible unless there are bugs.
- Fix bug where file upload dialogs (e.g. profile picture, spk upload, etc.) would sometimes randomly do nothing after a file was chosen.
- Page title is now correctly updated when browsing to a non-grain route.
- HTTP proxy now passes through ETags and ETag preconditions, probably improving performance for some apps.
- Attempt again to fix rare bug where front-end stops talking to back-end, apparently not fixed by 0.116 as we thought. Most likely still not fixed, but new logging has been added to try to debug.

- Fixed problem where Sandcats-HTTPS-enabled servers would request new certificates too often.
- This is a cherry-pick release -- no other changes merged in the last week are included.