Moved vendored js/css into `public/vendor` and documented sources (#1484) (#2241)

* Cleaning up public/ and documenting js/css libs.

This commit mostly addresses #1484 by moving vendor'ed plugins into a
vendor/ directory and documenting their upstream source and license in
vendor/librejs.html.

This also proves gitea is using only open source js/css libraries which
helps toward reaching #1524.

* Removing unused css file.

The version of this file in use is located at:
  vendor/plugins/highlight/github.css

* Cleaned up librejs.html and added javascript header

A SafeJS function was added to templates/helper.go to allow keeping
comments inside of javascript.

A javascript comment was added in the header of templates/base/head.tmpl
to mark all non-inline source as free.

The librejs.html file was updated to meet the current librejs spec. I
have now verified that the librejs plugin detects most of the scripts
included in gitea and suspect the non-free detections are the result of
a bug in the plugin. I believe this commit is enough to meet the C0.0
requirement of #1534.

* Updating SafeJS function per lint suggestion

* Added VERSIONS file, per request

1 files changed, 6 insertions, 0 deletions

diff --git a/modules/templates/helper.go b/modules/templates/helper.go
index 235b649547..821ff6c9c7 100644
--- a/modules/templates/helper.go
+++ b/modules/templates/helper.go
@@ -66,6 +66,7 @@ func NewFuncMap() []template.FuncMap {
 		},
 		"AvatarLink":   base.AvatarLink,
 		"Safe":         Safe,
+		"SafeJS":       SafeJS,
 		"Sanitize":     bluemonday.UGCPolicy().Sanitize,
 		"Str2html":     Str2html,
 		"TimeSince":    base.TimeSince,
@@ -162,6 +163,11 @@ func Safe(raw string) template.HTML {
 	return template.HTML(raw)
 }
 
+// SafeJS renders raw as JS
+func SafeJS(raw string) template.JS {
+	return template.JS(raw)
+}
+
 // Str2html render Markdown text to HTML
 func Str2html(raw string) template.HTML {
 	return template.HTML(markdown.Sanitize(raw))