* upgrade Ember CLI to 3.13 and Ember Source + Ember Data to 3.12
Ember Source upgrade to 3.13 is blocked by Ember CP Validations,
which does not support Ember Source 3.13 yet.
Ember Data upgrade to 3.13 is blocked by Ember Data Model Fragments,
which does not support Ember Data 3.13 yet.
Also removes autofocus mixin and inlines the code as mixins are
considered an antipattern in latest Ember versions.
Removes some left overs in `"resolutions"` key. But that shouldn't have a real impact.
* Adds a loading spinner to form buttons as long as submission is pending.
* Does some refactoring of form navigation buttons.
* Updates expected bundle size.
Assets must be referenced using relative URLs cause otherwise croodle
can't be served from subdirectories.
Can't add tests for this one cause ember requires absolute assets URLs
for testing.
Drops ember-radio-buttons addon and uses a plain input element instead. ember-radio-buttons doesn't seem to be maintained anymore and required jQuery. Also plain input element seems to be much easier to maintain.
Replaces ember-ajax by ember-fetch as ember-ajax is build on top of jQuery.ajax().
This reduces the bundle size by 25 KB (JavaScript) after gzip. Updating the size limit accordingly.
Having both a Content-Security-Policy (CSP) in meta tag and per header
works fine together. They are merged and the strongest one is applied.
It makes Croodle safer for all users even if the hoster does not apply CSP
for some reason (e.g. they can't set custom headers).
It's still a good idea to recommend using a CSP header cause that ones
are applied earlier - even so this shouldn't be a problem cause we ensure
that CSP meta tag is present before any other link, style or script element.
before it was done as computed properties of model
accessing encryption key in serializer is done via global application var.
this should be removed in long-term
