Sandboxlib

- Re-enabled websocket self-check under new admin UI.

- Self-hosting: The admin settings UI has been completely revamped.
- Fixed grain debug log auto-scrolling.
- Sandcats: Fixed obscure ASN.1 type issue in CSRs that was causing Globalsign API to complain.
- Fixed bug where logging in via Google or Github while viewing a sharing link which you had already redeemed previously would lead to an error.

- Fixed subtle bug introduced in 0.162 which caused shared grains to refresh every minute.

- Implemented "trash". Deleted grains go to the trash where they can be recovered for up to 30 days.
- Grains can now be deleted from the grain list, without opening them first. Multiple grains can be selected for deletion at once.
- An app can now request that the "who has access" dialog be displayed.
- Fixed bug where after an upload failed, future uploads would show the same error despite not having failed.
- Tweaked the "logout other sessions" button to give better feedback that the request is in-progress.
- When visiting a Sandstorm server that hasn't been set up yet, you'll now be redirected to the setup wizard.
- The API endpoint now allows the authorization token to be specified as part of the path, for cases where setting the `Authorization` header is not possible (especially cross-origin WebSocket).

- API requests can now include Mercurial headers, potentially allowing a Mercurial server app.
- You can now configure Sandstorm to accept SMTP connections on low-numbered ports, such as 25.
- Apps that send email can now omit the "from" address and have it filled in automatically to the grain's auto-generated address. (Previously, the app had to explicitly call another method to find out this address.)
- Rewrote permissions algorithm to support upcoming features. Should have no visible changes currently.
- Fixed some bugs around grain renaming when a grain was received through multiple sharing links.
- Sharing emails are now included in the per-user email send limit of 50 per day.
- Oasis: Demo users can no longer send sharing invite emails, due to abuse.
- Sandstorm for Work: The SAML configuration now clearly displays the entity ID used by Sandstorm.

- When the owner renames a grain, the change will now be visible by people with whom the grain has already been shared.
- Sandstorm for Work: Enforce various rarely-used SAML constraints. (The important ones were already enforced.)
- Increased timeout for wildcard host self-check to try to prevent error from displaying spurriously.
- Hid "share access" button in cases where it doesn't work -- e.g. when the user doesn't have access or the grain doesn't exist.
- Fixed regression causing powerbox offers of UiViews to fail (not yet used by any real app).
- Oasis: Fixed first-grain tutorial overlay.