Expose signup-related node and signup values to token.module

While I was at it, I simplified some code to take advantage of theme('token_help') instead of our own custom version of that.

In testing, I noticed that during new signups, $signup->signup_time wasn't being set. Now fixed.

Greggles balked at the variable named "curtime". ;) Here it is as "current_time".

Now with filter_xss() on the custom signup form values, just to be safe. Since these tokens are used in plain text email, check_plain() isn't really what we want (and in fact, we don't even care about filter_xss(), either). However, if other modules start using these tokens in an HTML context, better safe than sorry, especially since these are entered by end users (even anonymous visitors). Also, to be extra paranoid, I cast the signup limit value to an int. ;)

Upon further discussion, seems better to provide both regular and raw versions of this token, and let customers decide which to use as needed.

Also adds the attendance bit as another signup token.

Now with a description on the token help fieldset encouraging users to choose the -raw versions where available, since this is for ASCII email.

Given the review(s) by greggles and more testing from me, committed to HEAD and DRUPAL-6--1.

Followup: Looking more closely at the default core tokens provided by token.module, it seems like '-' is used more frequently as the delimiter inside token names, not '_'. So, I just committed a change to switch from, e.g. [node_signup_limit] to [node-signup-limit] to both
HEAD and DRUPAL-6--1.

Follow-up: There were cases where the 'mail' field isn't inside our happy $signup object, resulting in PHP notices. Cleaned up and fixed in HEAD and DRUPAL-6--1.