Make horizon work with strict content-security-policy

[Grldk]

Right now Horizon does not work with a strict CSP (if unsafe-eval is not allowed). This keeps coming up every once in a while. See #1128 for the latest issue.

This PR fixes this by moving the main horizon container to a separate Vue component. I have tried this before (#1022), but my old PR failed to account for autoLoadNewEntries() in base.js, which used this.autoLoadsNewEntries, where this used to refer to the root Vue element. After these changes this refers to App.vue instead, and I failed to account for that.

This PR fixes that mistake by using this.$root in base.js and App.vue. So with this PR Horizon works as expected, and also with a CSP where unsafe-eval is not allowed.