
Consider not downloading static files

Open • maringuu opened this issue 2 years ago • 1 comment

We currently download a bunch of CSS and JS files from various CDNs. See https://github.com/fkie-cad/FACT_core/blob/6922a7b2696d95991bd3ddf603caeeba47d397a3/src/install/frontend.py#L116-L157

From what I know this is unusual. I did some research but didn't find any projects that do things like we do. Also, the current approach might cause licensing problems if someone were to host FACT publicly.

The only two advantages of our approach that I can find are that no IP addresses are leaked to foreign websites and that you don't need internet access to run FACT. I'm not sure if these advantages are worth the extra code we have for downloading.

maringuu • Aug 02 '22 10:08

Everything should be MIT/Apache/BSD licensed or compatible, so even commercial use should not be an issue. FACT is not intended to be hosted publicly anyway (that could be problematic for other reasons). But you are right, this certainly isn't the regular way of installing JavaScript dependencies. Normally, you would use something like npm, yarn or bower to manage your dependencies. We used npm in the past, but it was so tightly rate limited that it caused our CI builds to fail. We never considered bower or yarn, though. Maybe we could use a bower.json or package.json file for managing all dependencies. That could make everything more manageable, improve readability and maybe also work together with GitHub's vulnerability-checking support.

jstucke • Aug 03 '22 14:08
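The thread weighs downloading static files from CDNs in the install script against managing them with npm/yarn and a package.json. One property a lockfile gives you for free is an integrity hash per dependency (package-lock.json records one in its `integrity` field), so a changed upstream file fails installation instead of being served. The example below is added here for illustration and is not FACT_core's frontend.py, nor code proposed by either commenter: it shows how a hand-rolled download step could get the same property by pinning each asset to a URL plus the SHA-256 of the expected bytes. The URL, file contents, target paths and the `fetch` callback are constructed for the example so it runs offline; a real manifest would record each digest once, when a library version is chosen.

```python
"""Hash-pinned fetching of frontend assets (added example, not FACT_core code)."""
import hashlib
import hmac
from dataclasses import dataclass
from pathlib import Path
from typing import Callable, Dict, Iterable
from urllib.request import urlopen


@dataclass(frozen=True)
class PinnedAsset:
    url: str      # where the file is fetched from (CDN, mirror, ...)
    sha256: str   # hex digest of the exact bytes we expect to receive
    target: str   # relative path inside the static directory


class IntegrityError(Exception):
    """Downloaded bytes do not match the pinned digest."""


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_asset(data: bytes, expected_sha256: str) -> bool:
    # Digest comparison in constant time; case-insensitive on the hex string.
    return hmac.compare_digest(sha256_hex(data), expected_sha256.lower())


def http_fetch(url: str) -> bytes:
    # Default fetcher; only ever called with URLs from our own pinned manifest.
    with urlopen(url, timeout=30) as response:
        return response.read()


def fetch_pinned(asset: PinnedAsset, fetch: Callable[[str], bytes] = http_fetch) -> bytes:
    """Fetch one asset and refuse it unless its SHA-256 matches the pin."""
    data = fetch(asset.url)
    if not verify_asset(data, asset.sha256):
        raise IntegrityError(
            f'{asset.url}: expected sha256 {asset.sha256}, got {sha256_hex(data)}'
        )
    return data


def stage_assets(assets: Iterable[PinnedAsset],
                 fetch: Callable[[str], bytes] = http_fetch) -> Dict[str, bytes]:
    """Fetch and verify every asset first; nothing is staged if any one fails.

    Returns a mapping of target path -> verified bytes, so a caller can write
    them out in one go instead of leaving a half-installed static directory.
    """
    return {asset.target: fetch_pinned(asset, fetch) for asset in assets}


def write_assets(staged: Dict[str, bytes], static_dir: Path) -> None:
    for target, data in staged.items():
        path = static_dir / target
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)


# --- Constructed sample data so the example runs offline --------------------
SAMPLE_JS = b'console.log("hello from a pinned library");\n'  # constructed
FAKE_CDN = {'https://cdn.example.invalid/lib.min.js': SAMPLE_JS}   # stands in for HTTP
ASSETS = [
    PinnedAsset(
        url='https://cdn.example.invalid/lib.min.js',
        sha256=sha256_hex(SAMPLE_JS),   # in a real manifest: recorded once, by hand
        target='js/lib.min.js',
    ),
]


def demo() -> Dict[str, bytes]:
    """Stage the sample manifest against the fake CDN; shows the happy path."""
    return stage_assets(ASSETS, fetch=lambda url: FAKE_CDN[url])


if __name__ == '__main__':
    for target, data in demo().items():
        print(f'{target}: {len(data)} bytes, sha256 {sha256_hex(data)}')
```

Because `fetch` is injectable, the same code path can be exercised in CI without network access, which also sidesteps the rate-limiting problem mentioned above for the test suite; only the real install step talks to the CDN. Pinning by digest rather than by URL or version string is what makes the check meaningful: a mirror or CDN edge that serves different bytes under the same path is rejected.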