When replicating CourseEnrollment, make sure Users were created in all DBs before replicating other models

* All access control logic is now in access.py
* It exports a single method for general use: has_access(user, object, action)
 - possible actions depend on object type (e.g. 'see_exists', 'enroll', 'staff')
* Removed DARK_LAUNCH feature flag--it is now the default behavior
* Replaced check_course with three separate more focused functions that use has_access

Minor things:
* note on using pdb in testing
* moved time parsing helper into timeparse.py
* x_modules now have a .start attribute (None if not in metadata)

* if the course metadata have enrollment_start and/or enrollment_end,
  only allow normal users to enroll post start and pre end.
* If DARK_LAUNCH is on, staff can enroll outside the window

1. Multiple save()s on the same model are now handled properly. We
   had to unmark model objects after the appropriate signals had
   fired.
2. There was a side-effect where we were saving the portal User
   object to the course_db with the using kw param, but models
   remember where they were last saved to, so a later save on that
   model object would go to the wrong database.

* will avoid newrelic complaining
* NOTE: Is this what we want post-ship?
  - need some way of notifying instructors of problems

* required some refactoring in create_account() view

* we appear to be fairly consistent in using is_staff and has_staff_access_to_course
* cleaned up some docstrings and little code things as I went
* fixed small bug in change_enrollment view (check for non-anon user)

* catch exceptions and return a 404 if course not found
* add Location.is_valid(), tests
* stub of jumpto/ view.

Django hardcodes the subject line for password reset emails. You're supposed
to be able to override it with a properly named template, but that didn't
make it into 1.3.1 (which is what we're deploying on now). We're not using
the Sites framework at this time, so this was the "fix".