revert "Merge pull request #714 from amrutac/refactor-css"

This reverts commit 4d88eabb, reversing
changes made to b38d3552.

Refactor css

cmd/example-app: use a non-empty state

Use a non-empty state in the example-app to ensure dex is properly
preserving the state for the code flow.

Updates #712

*: add theme based frontend configuration

This PR reworks the web layout so static files can be provided and
a "themes" directory to allow a certain degree of control over logos,
styles, etc.

This PR does NOT add general support for frontend customization,
only enough to allow us to start exploring theming internally.
The dex binary also must now be run from the root directory since
templates are no longer "compiled into" the binary.

The docker image has been updated with frontend assets.

Documentation: clarify difference between LDAP ports and security guarentees

Updated openid-connect.md: small typo

Protocol is written protocl.

Now that LDAP supports an `insecureSkipVerify` option, clarify that
`insecureNoTLS` is an extremely bad choice and as such we may drop
support for 389 in the future.

However, since we send plain text passwords from our frontend to our
backend, this probably gets us into a bigger conversation about dex's
TLS story. For example when terminiation is approporate. cc'ing
@dghubble for thoughts on how that might apply to our internal uses.

We probably want an overaching security doc at some point, but that
can be another PR.

*: switch oidc client to github.com/coreos/go-oidc

This saves us from having to import two different versions of
square/go-jose.

connector: add RefreshConnector interface

Fix Google OIDC callback url

*: small README link additions

connector/ldap: use gopkg.in/ldap.v2's escape filter

Use the escape filter method provided by the upstream LDAP package
instead of rolling our own.

server: fix expiry test flake

Allow getAttr to return DN

Specify "DN" as attribute name to return, but will only work if not present in ldap.Entry.Attributes
Use when full DN is stored in groupSearch's userAttr

Ensure compared times are within a second of one another instead of
rounding, which can flake if the two times are different enough to
do round to different values.

Tested using the golang.org/x/tools/cmd/stress tool.

The following set of commands fail without this patch:

    $ go get golang.org/x/tools/cmd/stress
    $ go test -o server.test github.com/coreos/dex/server
    $ stress ./server.test -test.run=TestOAuth2CodeFlow
    219 runs so far, 0 failures
    425 runs so far, 0 failures
    618 runs so far, 0 failures
    802 runs so far, 0 failures
    ^C

Closes #699

Enable groups scope

api: add call to list passwords

examples/k8s: update kubernetes examples

*: remove TODO.md file