re-write security system to be more like WNI

- can get telly and reach stage-two
- narrow whitelist of allowed URLS in WTVClientSessionData constructor
- enough to show wtv-1800:/unauthorized with trust priv
- Times out lockeddown users really fast ;)
- untested disk error page

zefie_wtvp_minisrv/ServiceVault/wtv-1800/preregister.js

@@ -162,8 +162,8 @@ if (ssid_sessions[socket.ssid].data_store.wtvsec_login) {
 
 	if (bf0app_update) headers += getServiceString('wtv-star', { "no_star_word": true }) + "\n";
 	else headers += getServiceString('wtv-star') + "\n";
-	if (request_headers.query.reconnect && !ssid_sessions[socket.ssid].getSessionData("registered")) headers += getServiceString('wtv-register') + "\n";
-	headers += getServiceString('wtv-flashrom') + "\n";
+	if (request_headers.query.reconnect && !ssid_sessions[socket.ssid].getSessionData("registered") && !ssid_sessions[socket.ssid].lockdown) headers += getServiceString('wtv-register') + "\n";
+	if (!ssid_sessions[socket.ssid].lockdown) headers += getServiceString('wtv-flashrom') + "\n";
 	if (bf0app_update) headers += "wtv-boot-url: " + gourl + "\n";
 	else {
 		headers += "wtv-boot-url: wtv-head-waiter:/relogin?relogin=true";