Refactoring `questions`

[stuartpb]

I'm thinking questions should get moved under a knowledge field (ie. becoming knowledge.questions), which can describe "user knowledge" as a component of the profile in general.

I think this should be moved under a more general topic to mirror password, username, and other profile-oriented topics: this would also allow for knowledge.notes to describe user questions instead of questions[0].notes, which is where notes are going right now.

It'll also open up the door for knowledge.answers.contents and knowledge.answers.value (and knowledge.answers.value.must etc), introduce a name for use in other fields to refer to when answers are required, as well as future fields that can describe other aspects of how user knowledge may be used (for instance, when knowledge answers can be used to recover a password without an email).

Some names I considered and rejected for the umbrella for this:

• security: As I said in https://github.com/opws/domainprofiles/issues/22#issuecomment-278618444, security is too broad to use as a top-level container name, even though it would make this security.questions, in line with what it's normally called.
• secret or secrets: Not only is secret also too broad (aren't passwords supposed to be secret, too?), it also reflects a fundamental misunderstanding in the design of security questions: their answers, when followed by design, are not inherently secret. See the Sarah Palin Yahoo hack, for instance.
• facts or trivia: Also too broad, could easily be seen as overlapping with notes (and also presupposes more about questions than is inherently true: they could just as easily be opinions).

[stuartpb]

It also clears the path for a different kind of questionnaire. For instance, right now a site that requires several questions to be answered, each one being mandatory, would be represented as a series of lists with required: 1 and one item under options. In that case, it's probably not a knowledge set of questions, and should probably be profiled in a different structure.

[stuartpb]

Actually, what about challenge? That's the term Washington Connect uses, and I think it makes about as much sense.

Admittedly, it's not as precise as knowledge (a CAPTCHA is a kind of challenge, too, after all), but it's also not as broad (knowledge can describe lots of things, like, say, a "knowledge base", and seeing "requires knowledge" is a lot more "lol wut" than "requires challenge").

[stuartpb]

I'm going to go forward with this right now as challenge.