Mutating global state in tests is still not a good idea. (Specifically,
in the previous version of the test, changing the value of
`WebAppInternals.inlineScriptsAllowed()` could mess with other
client-side tests that depend on it being one way or another -- of which
there are currently probably none, but there could be in theory.)
Instead, export the exact things we want to test (boilerplate HTML
generation and the static file handler). Now we are still mutating the
global `inlineScriptsAllowed()` state, but we don't yield before setting
it back to what it was.
Also simplify the reload-safetybelt test: instead of sending an HTTP
request, just check that the script gets adding to
`WebAppInternals.additionalStaticJs`.
Now webapp doesn't need to know anything about the reload safetybelt; it
just exposes a generic interface that any package can use to include
additional static JS (inlined when possible) in the boilerplate
HTML. reload-safetybelt uses this interface, instead of webapp
weak-depending on reload-safetybelt.
