Webscrapbook

* Removed shebang for script files.

* A lock is now created using a hashed filename instead of a plain filename.

* Added content security policy restriction for served web pages. They can no longer send AJAX requests and form actions to prevent a potential attack. A config `app.content_security_policy` is added to change the behavior.

* Installation requirement is now declared as Python >= 3.6. Note that version compatibility is not thoroughly checked for prior versions, and some functionalities are known to break in Python < 3.7 for some versions despite marked as installable.
* Response of a server`config` action now exposes a new `WSB_EXTENSION_MIN_VERSION` value, which informs the client to apply self version checking.

* Added site indexer.

* Tokens are now created under `.wsb/server/tokens` instead of `.wsb/server/token`.