Upgrade all dependencies. In particular to avoid a jquery vulnerability.

For the feature/invite-codes in leap_web, we need to be able to pass an
extra parameter (the invite code) from the signup form to the server.
This approach allows the consumer of SRP to specify a custom
implementation of Account that returns arbitrary `loginParams`, and
Session will pass them on so that they become part of the XHR.

- Split session.signup into signup and update to restrict extra params
  to signup only

Instead of jasmine's HTML runner, use karma to run specs. karma & all
other dependencies are installed via npm and executed via node.js. This
allows TravisCI to execute the test, and as a side effect, bumps the
versions on the testing toolchain.

- Install node.js
- Run `npm install` once to download dependencies.
- Run `npm test` to run all tests

Things to bear in mind:
- This commit adds general project information in `package.js`
- `karma.conf.js` specifies the order in which src, spec and lib files
  are loaded
- Switch to jasmine spies instead of sinon

properly treat utf8 chars in password

utf-8 encoding used to be bundled with the SHA256 library. However we
only want to utf8 encode strings that are actual user input. We do not
want to encode the bytearrays that are used when hashing the hex values
calculated during for SRP.

So I separated the utf-8 encoding and the sha256 hashing.