[RDY] google: Support restricting access to a specific group(s)

Allow passing the value of "approval_prompt" as a flag or option.

Update github.go

Google auth configuration screen flow has changed

By setting this to "force", certain providers, like Google,
will interject an additional prompt on every new session. With other values,
like "auto", this prompt is not forced upon the user.

provider github not work with scope read:org 

Fix spelling

*snicker*
*titter*
*giggle*

Add support for setting the basic auth password.

For tools that don't like empty passwords, this change allows
one to set a shared secret password for all users.

Check email validity on all requests rather than only on login.

Google - continually use refresh token

* New SessionState to consolidate email, access token and refresh token
* split ServeHttp into individual methods
* log on session renewal
* log on access token refresh
* refactor cookie encription/decription and session state serialization

Google - use offline access token

Cookie Refresh Improvements

* refresh now calculated as duration from cookie set

Release Version Two

* bump version to 2.0
* remove --cookie-https-only option
* add windows build to dist.sh
* rename --cookie-key to --cookie-name

Native SSL support

Page defaults to Google sign in

Github provider "Invalid Account"

disable email validation

This adds a "*" option to --email-domain to disable email validation, and this renames `--google-apps-domain` to `--email-domain` for clarity across providers

Fix validator_test hang on Solaris, Plan 9

On these platforms, the `done <- true` statement in during TearDown() was
hanging, since the `watcher_unsupported.go` version was never draining the
channel. Also took the opportunity to update the WatchForUpdates() signature
to not return bool anymore.