chore: static assets use relative paths instead of {{public_url}}

[mnutt]

Note: I'm not expecting this to be immediately merged, just starting a discussion around if this is something we want.

Continuing in my quest to reduce our chances of XSS by removing interpolation from our html templates, this PR removes the need for {{public_url}} to refer to static assets. It also places static assets under assets/ to prevent future namespace collisions between static assets and routes.

One caveat: if you mount your app at /foobar and load http://localhost:8080/foobar, the relative URLs won't work. The index page works around this by auto-redirecting to http://localhost:8080/foobar/ if you load http://localhost:8080/foobar. This seems acceptable to me as a common thing submounted pages might do but I definitely wanted to get feedback on it.

[acalcutt]

I've seen a lot of PRs relating to public_url, so it leads me to believe it is used by people out there....not sure I'd want to get rid of it.

[mnutt]

It's retained everywhere we absolutely need it, namely within JSON responses that require absolute URLs. My expectation is that everything in this PR should work for anyone using public_url.

My thought (and feel free to disagree) is I think we can/should eventually get to the entire frontend being static html.