graphql: download external assets, use go generate

[kurkomisi]

The graphql explorer relies on external cdn files, which is unsafe.
This PR discards the external dependencies, and embeds their binary version into the assets.go file, which guarantees that the files won't be compromised.

[karalabe]

Please add linter ignores to avoid trigerring the misspell.

[kurkomisi]

I tried to generalize the shell commands, but it became complicated, and didn't work properly.

[karalabe]

I think I just blew this PR. I had one open against GraphQL that I thought we already merged. Now that that's in, you'll need to rebase this, sorry.

[karalabe]

Hmm, also, you seemed to have only embedded the raw resource files. That's a bit problematic because we've no idea what version they are at or how to update them. Isn't there some npm black magic through which we could ask for a particular version number, or to update to latest or something? This won't be scalable.

[holiman]

An alternative variant is to keep using the CDN, but also use the hash of the file. See https://www.w3.org/TR/SRI/
You can use https://www.srihash.org/ to calculate the correct hashes. Note though, it requires that we link to specific versions, not things like foobar-latest.min.js.

[kurkomisi]

Superseded by #19742.