In each directory, always open in the following order:
 1. third-party libraries
 2. serializable
 3. signatures
 4. common

Also, always open modules from lib/* before. This order is reflected
in *.mllib files.

Additionally, open more frequently serialization modules.

 - base template is abstracted over login_box
 - per-election templates and services (except those related to
   update_credentials) refer to per-election auth services
 - login templates are parametrized over AUTH_SERVICES

For now, they are not referenced anywhere, but seem to work when
accessing directly their URL.

Rationale: we don't want templates to be able to call them.

SITE_SERVICES.cont is now an Eliom reference that can be directly used
wherever a continuation is expected.

Incidentally, if a user is already logged in, log out first.

Keep "Auth_" prefix for auth systems.

 - rename AUTH_INSTANCE into AUTH_HANDLERS
 - add "logout" to it
 - rename existing "handler" into "login"
 - logged_user contains AUTH_HANDLER instead of CONT_SERVICE

Summary:
 - WEB_ELECTION gets a new submodule of type ELECTION_SERVICES
 - per-election services do no longer take UUID as a param, but are
   registered at a path containing it
 - no more ESIndex, election home service is back
 - inline some submodules of SITE_SERVICES, drop ALL_SERVICES
 - rename old SITE_SERVICES into CORE_SERVICES
 - move election-specific templates to a new ELECTION_TEMPLATES; the
   templates in the new signature do not longer take an "election"
   argument but TEMPLATES.Election is a functor that takes a
   WEB_ELECTION and returns an ELECTION_TEMPLATES
 - adapt the booth to the new path layout

Additional changes:
 - merge VOTING_SERVICES into ELECTION_SERVICES
 - inline {SITE,AUTH}_TEMPLATES into TEMPLATES
 - all templates take a final () argument to emphasize their impurity

Each election may have an owner who can perform administrative tasks.

 - Eliom_config.(use get_config instead of parse_config)
 - presence of <source> is no longer technically enforced
 - simplify configuration of auth systems
 - auth systems directly register themselves

The new field is used as root for services specific to an auth system.

 - metadata is specific to web, move it there
 - create Web_serializable, and also move randomness there
 - metadata is not optional (but its components can be)
 - rename user_type into user_domain
 - serializable version of ACLs

There were 3 phases: configuration parsing, service definition and
service registration. The last two can be merged, since there is no
direct external reference to the service of a specific auth system. As
a consequence, there is no need for a Register sub-fonctor in
AUTH_INSTANCE: service definition and registration occur directly in
the Make function, called by instantiate.

Summary:
 - move rewrite_prefix to Web_common
 - each auth system now has an $init function that registers its
   configuration spec and an $exec function to Auth_common
 - an auth system may support multiple instances via configuration;
   user_type is specific to each instance
 - when parsing is done, each $exec is called with an $instantiate
   callback; $exec is supposed to call $instantiate for each instance

TODO:
 - default fallback when there are several instances
 - generic login should do security_log
 - auth system instances should not set user_type themselves
 - it should not be possible to login twice
 - admin login
 - update doc

We want to be able to share private variables between service
definition time and registration time, so we put both as submodules of
the Make functor.

For now, it is no longer possible to log in as an admin...

As in "continuation". This is more generic than just logging out...

Auth systems are wrapped into a module (with signature AUTH_SYSTEM) to
cope with polymorphism.

This prefix is not in the CAS spec and seems specific to some
instances. People can add "/cas" to the server path in their config if
needed.

This revision should be bisimilar to the previous one.

Summary:
 - each auth system registers $name and $service
 - $service stores a logout handler in Auth_common.user
 - the generic login service redirects to $service if its parameter
   matches $name
 - the generic logout service clears out Auth_common.user and invokes
   the stored logout handler
 - the default auth system is the one registered last
 - Templates directly query Auth_common for available auth systems

TODO:
 - enforce user_type = $name (currently not the case for CAS)
 - export Auth_common.register_auth_system
 - move existing auth systems out of Auth_common
 - integrate with config parsing
 - rework CAS
 - generic login should do security_log
 - do admin login