Serve HTML pages with a custom protocol in all project templates by default

[RareScrap]

Pre-flight checklist

• I have read the contribution documentation for this project.
• I agree to follow the code of conduct that this project uses.
• I have searched the issue tracker for a feature request that matches the one I want to file, without success.

Problem description

The Electron security guidelines discourage the use of the file:// protocol for serving app pages, yet the templates still employ this approach by default. This creates extra work for the developer that doesn't know about it (which makes the situation even more dramatic) because a newly created project is expected to be a safe foundation for future work. Moreover, the current situation almost certainly leads to unsafe code reaching production.

Proposed solution

Serve app pages using a custom protocol instead of the file:// protocol in all templates used by create-electron-app

Alternatives considered

Solution like "add a warning to the doc" is not even an option when it's possible prevent the problem at all with safe templates

Additional information

No response

[erickzhao]

Good point. @MarshallOfSound of sound had a WIP PR for webpack a while back: #3511

Added to the v8 milestone.