Move pad2 to pad and create bounce app

www/bounce/index.html

@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html class="cp">
+<head>
+    <title data-localization="main_title">CryptPad: Zero Knowledge, Collaborative Real Time Editing</title>
+    <meta content="text/html; charset=utf-8" http-equiv="content-type"/>
+    <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no">
+    <link rel="icon" type="image/png" href="/customize/main-favicon.png" id="favicon"/>
+    <script async data-bootload="main.js" data-main="/common/boot.js?ver=1.0" src="/bower_components/requirejs/require.js?ver=2.3.5"></script>
+</head>
+<body class="html">
+    <noscript>
+        <p><strong>OOPS</strong> In order to do encryption in your browser, Javascript is really <strong>really</strong> required.</p>
+        <p><strong>OUPS</strong> Afin de pouvoir réaliser le chiffrement dans votre navigateur, Javascript est <strong>vraiment</strong> nécessaire.</p>
+    </noscript>
+</html>

www/bounce/main.js

@@ -0,0 +1,10 @@
+define([], function () {
+    if (window.localStorage && window.localStorage.FS_hash) {
+        window.alert('The bounce application must only be used from the sandbox domain, ' +
+            'please report this issue on https://github.com/xwiki-labs/cryptpad');
+        return;
+    }
+    var bounceTo = decodeURIComponent(window.location.hash.slice(1));
+    if (!bounceTo) { return; }
+    window.location.href = bounceTo;
+});

www/bounce/readme.md

@@ -0,0 +1,9 @@
+# Bounce app
+
+This app redirects you to a new URL.
+This app must only be served from CryptPad's safe origin, if this app detects that it is being
+served from the unsafe origin, it will throw an alert that it is misconfigured and it will refuse
+to redirect.
+
+If the URL is a javascript: URL, it will be trapped by CryptPad's Content Security Policy rules
+or in the worst case, it will run in the context of the sandboxed origin.