feat: public private routing

[peterpeterparker]

Motivation

Instead of an up-front sign-in screen, we want user to be to sign-in on each screen. Doing so we will be able to display meaningful static information on each pages and maybe be even able to display public information while not being signed - i.e. render proposal even if not signed in.

Breaking changes

This PR switch the custom routing implementation to a SvelteKit base routing. This is a BREAKING CHANGES.
We switch from an hasbang base routing system to a query params system. In addition, we migrate from a SPA to a multi page app.

There is not backwards compatibility for the urls. Hashbang params will be ignored.

However, to ease the launch on mainnet without the need to synchronize the proposal execution with the dashboard, the PR contains a workaround to route /#/proposal/{id} from login page to proposal detail page. Workaround we aim to ultimately, rather soon than later, delete.

Approach

We use +layout.ts file to extract the parameters (universe and details like "&proposal=123") request.

The "universe" param being a global information, it gets derived in a custom pageStore - i.e. we use SvelteKit $app/stores to derive our own page information.

Other fine grained params - e.g &proposal=123" - a passed down from the +page to its content.

Limitation

This PR does not support unknown routes. i.e. if user would enter nns.ic0.app/yolo it will face a 500 error uncatched. See "Open questions".

Performance

Optimizing the performance of the dapp is a battle between loading everything in a single JS bundle files and finding the right amount of chunks.

This PR does the following:

• it uses Rollup manualchunks to bundle all node_modules - except Svelte related components and code - dependencies in a vendor.js file and a dapp file for the app

• SvelteKit chunks the rest of the app

• sometimes we might want to limit the number of chunks for fine tuning. That's why the login page does not use a +layout.svelte file but includes the layout as a component or why the route are still lazy loaded with our RouteModule

Security

The CSP parser has been extended to parse the rules in each and every single .html file that is generated.

TODO

Following are the lists of things I am aware of currently and still need to be done.

Not in this PR

• Rust certified assets for absolute route or duplicate resources (e use trailingSlash strategy, we can maybe copy the files. e.g. accounts/index.html -> clone to accounts.html as well). Note: This is also not supported at the moment in II
• can we have an error page because that does not play well with certified assets currently? Maybe we can have an error.html page that we accept to make not certified?
• make list and detail of proposals public
• make Launchpad and project detail public
• design and branded content for each static routes if not logged in
• multiple sign in buttons within same page but only one single init auth
• Sitemap
• pages canonical
• refactor layout and routes components (inline these in +pages)
• login button spinner design
• optimize performance

[peterpeterparker]

This PR contains workaround for SvelteKit issue sveltejs/kit#7415

[mstrasinskis]

Awesome, thanks! Looking forward seeing it in main.