* Expose a drop down on the /configclients.jsp to enter the outbound
tunnel depth.
* Improved *hosts.txt loading
* Explicitly override the JVM's timezone settings to use GMT so that
any client applications which use timezones won't leak sensitive
data (thanks gott!)
* Bundle sam.jar in the update (thanks duck!)
- set the nonce and noncePrev for the handler when rendering the form
- include the current nonce in the hidden parameter "nonce"
- include an "action" parameter (so we know we want to execute something and hence, validate the nonce, rather than just display the page)
- if the nonce submitted doesnt match what is set in the nonce or noncePrev when validating, its invalid. refuse to process
