Commit 13a32ac

[WIP] Support SASL2 FAST authentication
FAST is a cookie-style authentication method that lets clients store and auth with an unguessable token. It enables clients to forget the user's full password, which is especially important for web-based clients, that are prone to data leaks. Leaked tokens can be invalidated.

- https://xmpp.org/extensions/xep-0484.html
- https://xmpp.org/extensions/xep-0388.html

Very messy, but I'm sharing for feedback.

Intended to fix conversejs/converse.js#3144

Some aside changes I needed for this:

- I let handlers listen to the *opening* stanza
- Set 'from' on the opening <stream> tag. (ref: https://github.com/xmppjs/xmpp.js/pull/1006/files#r1893267922)
- Create a new handler type (I know, I know) that can search *nested data*. This made setting up listeners a lot more convenient.
- Rearrange
- During connection, replaced has_features with the direct XML element ?. liberally. That seems more direct and defensive.
- Moved Status.AUTHENTICATING before FAST/SASL

I think the SASL negotiation logic can be cleaned up a lot. It could handle fallback through all the methods, instead of needing awkward special cases for FAST. Allowing handlers to hear the opening stanza means, I am pretty sure, all of SASL2 can become an event-driven plugin, and maybe all of SASL1.

Things that are bad:

- too much copy-pasting
- the SASL negotiation is brittle and only tries one thing, except for FAST which is bodged in
- saving/loading the FAST tokens is to be defined. I coded something directly in here but really clients need to be making that decision (xmpp.js provided overridable methods to fill with localStorage or a cookie or something)
- NSHandler was a whim of fancy. It should probably be backed out. Allowing searching for *nested* namespaces/tags (which most other xmpp libraries do?) tidies the code a lot, but I recognize it's off-topic, and there are more verbose ways to achieve FAST without them.
- websocket checks for 'secure' before sending 'from', but bosh doesn't yet.

- support the other HT- methods from the spec
- pull SASL2 into sasl2.js and make it a plugin
- load fast.js as a proper plugin instead of importing it in index.js. I did this for testing, so I wouldn't have to mess around too much with ConverseJS.
- Needs to disentangle the circular dependencies between a plugin and code that needs to run during the early boot.
1 parent 4b1b33b commit 13a32ac

8 files changed, +736 -119 lines changed

src/bosh.js

Lines changed: 2 additions & 0 deletions
@@ -146,6 +146,7 @@ class Bosh {
146146

147147
const body = this._buildBody().attrs({
148148
'to': this._conn.domain,
149+
'from': this._conn.jid,
149150
'xml:lang': 'en',
150151
'wait': this.wait,
151152
'hold': this.hold,
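Review bot: The added 'from': this._conn.jid in the session-creation body is sent unconditionally, although the commit message itself notes that the websocket path checks for 'secure' before sending 'from' and BOSH does not yet. This attribute puts the user's JID into the very first request, before any authentication has happened, so over a plain-http BOSH endpoint it is readable on the wire. Gate it on the same secure check the websocket code uses (for BOSH, the service URL being https), and skip the attribute entirely if this._conn.jid can be unset at this point rather than emitting an empty or undefined value.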
@@ -451,6 +452,7 @@ class Bosh {
451452
if (data[i] === 'restart') {
452453
body.attrs({
453454
'to': this._conn.domain,
455+
'from': this._conn.jid,
454456
'xml:lang': 'en',
455457
'xmpp:restart': 'true',
456458
'xmlns:xmpp': NS.BOSH,
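Review bot: The 'from': this._conn.jid line in the 'restart' branch is a copy of the one added to the initial body, so the 'secure' guard the commit message says BOSH still lacks would have to be added twice and kept in sync by hand. Build the attribute once in a small helper shared by both call sites so the transport check lives in one place. A short comment here should also say whether 'from' on a restart is meant to carry the same value as the opening request, since this._conn.jid is read again at restart time rather than reused from the first body.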
