Sandboxlib

- Emergency fix to race condition which caused the login control to claim no login services were configured when communicating with a server far-away on the network. This wasn't caught in testing because we usually test against localhost servers. The fix is to make the list of enabled services reactive, where it wasn't before. This update should entirely resolve the problem.

- New API allows apps to stay running in the background. The user is notified and can cancel the background processing to avoid expending resources. A notifications box has been added to the UI; eventually, other notifications will arrive here too, but for now it's just for background processing.
- New API allows apps to render an "offer template", which is a chunk of instructional text containing an embedded API token suitable for copy/pasting e.g. into a shell. This will be used, for example, to improve the UX for Gitweb and Gitlab so that you can set up your git client by copy/pasting sample commands. The app can display such a template without ever getting direct access to the API token text, which would otherwise be a violation of confinement.
- Backup/restore functions now go through the backend API rather than having the front-end directly operate on the filesystem. The zip and unzip processes are additionally more tightly sandboxed than before.
- Admin panel now includes usage stats and a view of the server log file.
- `spk pack` now avoids creating excessive numbers of mmap()s (which vbox shared folders don't like).
- Admin user list now shows the email address or invite notes under which the user was invited.
- Various installer UX improvements, especially in failure cases.

- Added this change log, and made it appear on the "about" page.
- Updated to latest Meteor.
- Improved `spk pack` performance by using multiple compression threads.
- Bugfix: Sending invides in admin settings now works with emergency admin token login.
- Bugfix: Don't display irrelevant webkey button to users who can't use it.
- Bugfix: When testing SMTP, use the newly-input configuration rather than the saved configuration.
- Bugfix: Fix permissions on various disk directories so that the `sandstorm` group can access them.

- Fix admin-token ownership; when created as root
- Support standalone spk binary

v0.1-v0.83
- Change logs were not kept, but you can inspect the release tags in git.

This is a minor release of the spec which resolves some small issues.

- A circular dependency is resolved by duplicating k8s.io/kubernetes/pkg/api/resource in-tree (684)
- The ACE validator no longer expects the variables removed in 273 (674)
- Some documentation updates (676, 677, 680)

This is a minor release of the spec which includes a new isolator and a utility function to translate between appc and golang architectures.

- the `os/linux/selinux-context` isolator, which allows apps and pods to specify the SELinux context for their process (673)
- `schema.ToAppcOSArch()` and `ToGoOSArch()`, functions that translate OS and architecture names. (668)