Implement stronger content-security-policy except in /pad/ which does not allow it.

Implement a "loader" which allows for applying a version number to everything.
Added a cache control for anything which has a version.

www/login/index.html

@@ -9,14 +9,7 @@
     <link rel="icon" type="image/png" href="/customize/main-favicon.png" id="favicon"/>
     <script src="/bower_components/jquery/dist/jquery.min.js"></script>
     <link rel="stylesheet" href="/bower_components/bootstrap/dist/css/bootstrap.min.css">
-    <script data-main="main" src="/bower_components/requirejs/require.js"></script>
-    <script src="/bower_components/requirejs/require.js"></script>
-    <script>
-        require.config({
-            waitSeconds: 60,
-            urlArgs: "bust=1.1.0",
-        });
-    </script>
+    <script data-bootload="main.js" data-main="/common/boot.js" src="/bower_components/requirejs/require.js"></script>
 </head>
 <body class="html">
     <div id="cryptpadTopBar">
@@ -77,4 +70,3 @@
 
 </body>
 </html>
-