factor out dependence on prdb, lockers, web certs

[price]

To make #75 and #76 *really* practically effective, people using our software elsewhere will need to tie it into the authentication and authorization/resource-allocation mechanisms that exist in their environment. There probably aren't a lot of places where people allocate resources by lockers, make groups in prdb for authorization, and authenticate web users with certificates.

We can have some clue how to break these functions out into modules (and to some extent we've done so already), but we probably can't develop a really good API to support the various mechanisms that exist out there until we have users elsewhere who want to write the modules for those mechanisms.

I'd put this at a milestone past Version 2.0 if we had one.