Implement stronger content-security-policy except in /pad/ which does not allow it.

Implement a "loader" which allows for applying a version number to everything.
Added a cache control for anything which has a version.

www/examples/render/index.html

@@ -4,7 +4,7 @@
     <meta content="text/html; charset=utf-8" http-equiv="content-type"/>
     <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
     <link rel="stylesheet" href="/common/render-sd.css" />
-    <script data-main="main" src="/bower_components/requirejs/require.js"></script>
+    <script data-bootload="main.js" data-main="/common/boot.js" src="/bower_components/requirejs/require.js"></script>
     <style>
         html, body {
             padding: 0;
@@ -38,5 +38,5 @@
 </head>
 <body>
     <div id="target">
-        <div id="inner"></div> 
+        <div id="inner"></div>
     </div>