Add spoofing protection (MITM/NO-CPS detection)

[alexhauser]

Closes #117.

Description:

This adds detection and mitigation for the following scenarios:

• The server reports an IP address mismatch (TIF of 0x40, "IPs matched" flag off)
  In this case, we show a warning message and fail hard (just like the GRC client).

• The server fails to engage CPS
  In this case, we show a warning message and give the user the choice of aborting the authentication or continuing on (just like the GRC client).

Additional changes:

• Hardening of the PathConf.LoadConfig() method since I was seeing a NPE in one particular case

• As discussed in Detect No CPS/ MITM Mitigation according to Identity Specs #117, I've changed it so that we are now only sending the cps option if the server has already engaged a CPS session. What I was seeing when I reported that the GRC client sends cps right from the start makes sense, since CPS is usually so quickly engaged, that it will come in well before the "sqrl://" invocation, and so CPS is already there when we start sending commands to the server.
  On the spoofing demo site however, one can see that the GRC client in fact does NOT send cps if the server fails to engage CPS. So that's what we're now doing as well.

Preview:

[josegomez]

Very nice work, if you get a chance could you fix my last commits localization stuff since you are already in there?
Otherwise we can do it later no big

Merge away!!

[alexhauser]

if you get a chance could you fix my last commits localization stuff since you are already in there?

I have a few other translations that need some attention as well (mainly the PDF stuff), I think I'll tackle these toghether with yours in a separate PR.