Implement stronger content-security-policy except in /pad/ which does not allow it.

Implement a "loader" which allows for applying a version number to everything.
Added a cache control for anything which has a version.

www/common/boot.js

@@ -0,0 +1,5 @@
+// Stage 0, this gets cached which means we can't change it. boot2.js is changable.
+define(['/api/config?cb=' + (+new Date()).toString(16)], function (Config) {
+    if (Config.requireConf) { require.config(Config.requireConf); }
+    require(['/common/boot2.js']);
+});

www/common/boot2.js

@@ -0,0 +1,6 @@
+// This is stage 1, it can be changed but you must bump the version of the project.
+define([], function () {
+    // fix up locations so that relative urls work.
+    require.config({ baseUrl: window.location.pathname });
+    require([document.querySelector('script[data-bootload]').getAttribute('data-bootload')]);
+});

www/common/cryptpad-common.js

@@ -1,5 +1,5 @@
 define([
-    '/api/config?cb=' + Math.random().toString(16).slice(2),
+    '/api/config',
     '/customize/messages.js?app=' + window.location.pathname.split('/').filter(function (x) { return x; }).join('.'),
     '/customize/fsStore.js',
     '/bower_components/chainpad-crypto/crypto.js?v=0.1.5',

www/common/noscriptfix.js

@@ -0,0 +1,3 @@
+// Fix for noscript bugs when caching iframe content.
+// Caution, this file will get cached, you must change the name if you change it.
+document.getElementById('pad-iframe').setAttribute('src', 'inner.html?cb=' + (+new Date()));