HPKP is downgraded, update scoring to report presence/absence/preload

[floatingatoll]

This removes most HPKP scoring functionality. The HPKP preload checks are left in place for now, but all other checks are reduced to 'header is present' or 'header is absent', both scored 0 and the former with a clear deprecation warning. Closes #422, but should be released in coordination with mozilla/http-observatory-website#172 and mozilla/infosec.mozilla.org#107.

[floatingatoll]

Note that I don't have a working test setup here yet, but I updated the unit tests as well.

[april]

Looks like the tests are failing:

nosetests httpobs/tests -e insert_test_result -e scored_test -e select_test_results -e test_retrieve --with-coverage --cover-package=httpobs

Should let you run them okay. :)

[floatingatoll]

Corrected a scoring name typo, removed now-unused FIFTEEN_DAYS constant, fixed line length.

Restructured HPKP deprecation/preload checks to run on both HTTP and HTTPS requests. While HPKP technically wasn't valid over HPKP, in practice if the header is present on either we need to warn the user, and if the site is preloaded it does no harm to highlight that for HTTP.

[LeoMcA]

Enough time has passed that HPKP no longer appears in Chromium's preload list any more, and we mark it as "obsolete" on MDN, so I removed the test in its entirety in #521