First run and stunnel hardening

Minor fixes

• [api] Add audit logging and 2s pause between failed token updates
• [api] Reorder some functions in the core api files
• [api] Harden stunnel.conf by adding ciphers list and disabling renegotiation
• [deps] Update jidoteki-admin dep to v1.24.0

New features

• [api/frontend] Add First Run setup process when first accessing the Admin Dashboard.
  On first run, the API will generate a random passphrase and store it in the
  api.token.setup file. The passphrase uses 4 of 7776 words from the EFF large wordlist,
  thus providing ~51 bits of entropy. This First Run feature is disabled by default and
  must be enabled by adding "first-run":{"word-length":4,"enabled":true} to
  the /usr/local/etc/jidoteki-admin-api.json file.
• [api] When First Run is enabled, error responses now contain a First-Run key and boolean value

Fix bad responses

1.23.0 (2018-07-26)

Bug fix

• [api] Add bugfixes for endpoints with invalid responses. #38

Ensure /docs is read from a variable

• [frontend] Fix regression, ensure /docs is read from a variable

Update deps, static HTML docs, fix JIDO_WITH_SSL bug

Minor fixes

• [api] Fix longstanding bug: stunnel starts regardless of the value of JIDO_WITH_SSL
• [frontend] Generate static HTML help docs, without JavaScript
• [deps] Updatejidoteki-admin dep to v1.22.0
• [deps] Remove 'strapdown' and 'google prettify' deps

Display progress bar

• Ensure progress bar is displayed while uploading files

Add IPv6, audit logging, new deps

New features

• [api/frontend] Accept IPv6 addresses in Network settings
• [api] Add audit logging to additional API endpoints
• [api] Include update status percentage in "/admin/update" endpoint
• [frontend] Renamed 'Jidoteki' to 'On-Prem'

Minor fixes

• [deps] Remove json, semver, unit deps as direct dependencies, add jidoteki-admin as dependency

Improve network settings

New features

• [dashboard] Redesign network settings to select dhcp/static
• [dashboard] Display network 'Mode' in dashboard

Minor fixes

• [html] Add 'Content-Security-Policy' HTTPS security header
• [html] Remove 'waiting for...' empty messages

Bug fixes

• [html] NTP server disappears when switching from STATIC to DHCP

Minor fixes

• [html] Append API version to static files
• [api] Ensure custom code is loaded after generic code

Minor fixes

• [html] Ensure HTTPS security headers are sent for downloads and HTML/404 pages
• [dashboard] Set autocomplete=off on storage page

Regression fixes

• [dashboard] Alert and status panel displays per section, not globally