remove public access to unvetted proposals

[behindtext]

when proposals are first submitted, they are considered in the 'unvetted' state and must be manually reviewed by someone who checks that a number of basic requirements are satisfied. since proposals that are unvetted or currently in the process of being vetted could contain inflammatory content, we must deprive users of the ability to externally access this data while a proposal is unvetted. this avoids the scenario of pi being used to effectively serve inflammatory content, albeit via an indirect channel.

as part of fixing this, the censorship token lookup widget in the ui would be removed. users who submit proposals that are ultimately censored should be able to independently verify that their proposal was indeed received and not made public with its censorship token alone. by allowing lookups against a censorship token, whoever is hosting the pi instance may end up inadvertently hosting inflammatory content.

[sndurkin]

Unvetted proposals are already only accessible by admin users. I think the only action items here are:

• UI should display the following information on each proposal to allow users to perform independent verification:
  • censorship token
  • censorship signature
  • public server identity (which is sent in the / request)
• Fix Title should not be sent for inaccessible proposals politeia#102

[sndurkin]

The rest of this issue has been addressed in #167.