Better GDPR support

[chalin]

This is an umbrella issue for better addressing GDPR needs. Or, to say this another way, ensure that it isn't harder for projects wishing to be GDPR compliant to use Docsy.

• Support non-CDN resources #605
• Make asset urls configurable #1006
• Pull in latest mermaid version while allowing custom versions #1410
• ...

[naturedamends]

Simple fix with no consequences

Why not just add any network requests to a separate partial which can be overridden.

Surely we can ask Devon to do this for us, jeeez. If you want me to PR i will

For example there is only three simple ones.

• docsy/layouts/partials/head.html

  Line 28 in 6549143

  <script

• docsy/layouts/partials/head.html

  Line 33 in 6549143

  <script defer

• docsy/layouts/partials/head.html

  Line 55 in 6549143

  <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@docsearch/css@3.6.0"

Other large SaaS platforms like angolia are fine, if I want to use them I can add them to my polices, however there is just no reason to do this simple static assets.

Related issues

#1436

Using third parties in general.

• Sure the CDN may be faster to load some rare requests, but jquery is nowhere near modular enough to do that effectively. + any version increment hurts the cache potential. If things are modular, should it not be to have a script integrity hash for scripts which may be duplicated across domains in separated binaries.
• They offer points of failure. If anyone of them are down, then my page is not usable.
• Failure is hard to monitor, without sending event logs via javascript, which is possible but adds heavy services to the Infrastructure.
• cookie partitions does not stop sharing personal information via TCP
• Does a repeat request for a CDN even have any time saving or data saving, because could that not be a way to identity a user across domains.