Validate LMS URL's on the /welcome page

[seanh]

The /welcome form has basically no validation of the LMS URL at all, even though this is the base URL that we used to construct Canvas API URLs in order to use the Canvas API.

• [ ] Add validation to the /welcome form so that invalid URLs can no longer be entered.

  We should at least test, server-side, that it appears to be a valid URL and we can parse it into the parts that we need for constructing API URLs. Trying to do more than that is probably taking it too far.

• [ ] Do something about existing bad data in the QA and production DBs.

  I'm not sure what the correct solution is. Maybe delete all invalid LMS URLs from the DB (those application instances will then have the Canvas Files feature disabled, but the feature can't be working anyway).

[seanh]

Actually, if possible (if there's a suitable Canvas API endpoint) I think some JavaScript on the /welcome page should use the given LMS URL, developer key, and developer secret to make a test request to the Canvas API and only allow the form to be submitted if the test request succeeds.