Implement stronger content-security-policy except in /pad/ which does not allow it.

Implement a "loader" which allows for applying a version number to everything.
Added a cache control for anything which has a version.

customize.dist/src/fragments/appscript.html

@@ -1,3 +1,2 @@
     <link rel="stylesheet" type="text/css" href="main.css" />
-    <script data-main="main" src="/bower_components/requirejs/require.js"></script>
-
+    <script data-bootload="main.js" data-main="/common/boot.js" src="/bower_components/requirejs/require.js"></script>

customize.dist/src/fragments/empty.html

@@ -1,2 +1 @@
-    <script data-main="main" src="/bower_components/requirejs/require.js"></script>
     <div id="container"></div>

customize.dist/src/fragments/script.html

@@ -1,2 +1 @@
-    <script data-main="/customize/main" src="/bower_components/requirejs/require.js"></script>
-
+    <script data-bootload="/customize/main.js" data-main="/common/boot.js" src="/bower_components/requirejs/require.js"></script>

customize.dist/src/template.html

@@ -1,5 +1,6 @@
 <!DOCTYPE html>
 <html class="cp">
+<!-- If this file is not called customize.dist/src/template.html, it is generated -->
 <head>
     <title data-localization="main_title">Cryptpad: Zero Knowledge, Collaborative Real Time Editing</title>
     <meta content="text/html; charset=utf-8" http-equiv="content-type"/>
@@ -10,13 +11,6 @@
     <script src="/bower_components/jquery/dist/jquery.min.js"></script>
     <link rel="stylesheet" href="/bower_components/bootstrap/dist/css/bootstrap.min.css">
     {{script}}
-    <script src="/bower_components/requirejs/require.js"></script>
-    <script>
-        require.config({
-            waitSeconds: 60,
-            urlArgs: "bust=1.1.0",
-        });
-    </script>
 </head>
 <body class="html">
     {{topbar}}
@@ -30,4 +24,3 @@
     {{footer}}
 </body>
 </html>
-