Implement stronger content-security-policy except in /pad/ which does not allow it.

Implement a "loader" which allows for applying a version number to everything.
Added a cache control for anything which has a version.

www/code/index.html

@@ -4,13 +4,7 @@
     <title>CryptPad</title>
     <meta content="text/html; charset=utf-8" http-equiv="content-type"/>
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <script data-main="main" src="/bower_components/requirejs/require.js"></script>
-    <script>
-        require.config({
-            waitSeconds: 60,
-            urlArgs: "bust=1.1.0",
-        });
-    </script>
+    <script data-bootload="main.js" data-main="/common/boot.js" src="/bower_components/requirejs/require.js"></script>
     <link rel="icon" type="image/png"
         href="/customize/main-favicon.png"
 
@@ -49,11 +43,7 @@
 </head>
 <body>
     <div id="iframe-container">
-        <iframe id="pad-iframe"></iframe>
-        <script>
-            document.getElementById('pad-iframe').setAttribute('src', 'inner.html?' + new Date().getTime());
-        </script>
+        <iframe id="pad-iframe"></iframe><script src="/common/noscriptfix.js"></script>
     </div>
 </body>
 </html>
-