Added Content-Security-Policy to ensure that external scripts cannot be loaded.

Moved inline scripts to their own files. Moved all front-end scripts to /assets/js/scripts.

app/assets/js/scripts/welcome.js

@@ -0,0 +1,8 @@
+// DOM cache.
+const welcomeButton = document.getElementById('welcomeButton')
+
+welcomeButton.addEventListener('click', e => {
+    $('#welcomeContainer').fadeOut(500, () => {
+        $('#loginContainer').fadeIn(500)
+    })
+})