-------------------------------------------
* fix two security bugs related to CRLF injection
https://github.com/gratipay/security-qf35us/issues/1
* remove argv-based configuration; Website now takes kwargs instead (455)
* remove exec-based configuration, i.e., configure-aspen.py (373); use kwargs
to Website or environment variables instead
* add a base_url configuration setting and use it in a new algorithm
function, redirect_to_base_url (457)
* improve the redirect API: it's now at website.redirect instead of
request.redirect; it honors the new website.base_url; and it takes an
optional response object (458)