overhaul of Box node

[boneskull]

I mentioned this in Slack recently, but quick backstory:

I was working on a talk showing how you can use Watson's NLU and Box in Node-RED to automatically tag documents based on their content. Unfortunately, I found the Box Node insufficient in three key areas:

1. The OAuth2 authentication was essentially broken; Node-RED would need near-constant contact with Box to keep tokens alive (this is still a problem, but is the nature of the beast)
2. There was no way to download arbitrary files
3. There was no way to update file information (this is not the same thing as "metadata" in Box parlance)

This PR addresses the issues by:

1. Implementing a second authentication method, OAuth2+JWT, which is recommended for server-to-server authentication.
2. Implementing a "list folder" Node, which returns an array of all files in a folder
3. Implementing a "update file info" Node, which allows properties (such as tags) to be assigned to a file

(I have a demo of this, and there might even be a video of my talk available soon, but I think the audio is probably bad. 😬 I should probably just make a webcast.)

CAVEAT: I found a potential memory/resource leak in the Box SDK for Node.js which is corrected by in-progress PR box/box-node-sdk#304. Once that's merged and released, I'll update the dependency.

Breaking Changes

• Message input properties are now expected to be within the payload,
  not hanging directly off of the message
• Credential format has changed and is now stored (as received) verbatim
  from the Box SDK
• box watch (events) Node no longer holds opinions about what the
  events look like--it no longer filters, modifies, or aggregates the
  events and the event data--the event data format now mirrors the Box
  API documentation (which means it's at least documented somewhere).
  Note that the Enterprise Event Stream events have a different format
  than the User Event Stream events!
• Essentially, existing flows and configurations will break, and this
  must be a major release.

Enhancements

• Add OAuth2+JWT authentication mode for persistence
• Add "box folder items" Node to list the contents of a folder; accepts
  a folder ID, offset, and limit
• Add "box update file info" Node to modify file information (e.g.,
  tags)
• Add support for "download by file ID" in box in (download) Node
• Add support for file representations to box in Node; as appropriate,
  any download can be "downloaded as" plain text, PDF, and various-sized
  images
• Add support for Enterprise Event Streams in box watch (event) Node
• Add support for long-polling in User Event Streams in box watch Node
• Add an output to box out (upload) Node
• Add preflight checks to all uploads to avoid wasting time/bandwidth on
  large, failed uploads in box out Node
• Add automatic file creation and new version creation in box out
  Node; if a file does not exist it will be created, otherwise a new
  version will be created.
• Add stub for developer token authentication mode

Refactors

• consume Box's Node SDK
  directly
• move much logic into lib/box-api.js, which is the configuration Node
  itself; is now essentially an adapter for the Box Node SDK
• create TokenStore class, corresponding to interface defined by the
  Box Node SDK, to manage tokens for OAuth2 authentication--essentially
  an adapter to Node-RED's credentials system
• new palette and grid labels for various Nodes, since they were all
  previously the same
• split runtime .js files into one-per-Node; box.js now simply loads
  all files in lib/
• some ES2015+ enhancements
• use Promises where possible
• mixins provided for API functionality which changes depending on
  authentication mode
• some improvements to non-idiomatic JS
• some docstring improvements
• some locale string normalization

Fixes / Other

• use canonical method to skip a suite in Box tests
• remove unused should-sinon from package.json
• update package-lock.json
• rewrite most tests due to changes in authentication and HTTP requests
  incurred by the use of the Box SDK; I would recommend actually testing
  at a higher level and stubbing SDK methods to avoid worrying about
  what the requests look like--we don't actually care, because that's
  the Box SDK's problem!
• add tests, though could use plenty more; the test helper isn't ready
  yet, and unfortunately I don't have time to work on it
• exempt box/**/*.js from JSHint checks, since I was fighting with it;
  see jshint config isn't quite right #225

[coveralls]

Coverage decreased (-0.7%) to 71.605% when pulling 296bdfa on boneskull:box-jwt into 0c4bfdd on node-red:master.

[boneskull]

The necessary PR in box-node-sdk has been merged, and we're now awaiting a release.

[boneskull]

this was released in v1.21.0 of box-node-sdk; I've updated the version requirement.