Refactor polyfill bundling and loading to load only the polyfills that
are required for the current browser, and make it easier to load new
polyfills conditionally in future.

The polyfills are partioned into sets. For each set there is a separate
bundle, with an entry point in src/shared/polyfills/{set}.js. There is
an index file in src/shared/polyfills/index.js which defines functions
to test which sets are needed by the current browser.

This change prevents loading of ~246KB of minified JS (not gzipped) in modern
browsers which don't need any of the polyfills.

unorm is a large library which also exposes its functionality as a
`String.prototype.normalize` polyfill.

Using the native method is a first step towards not loading unorm in
browsers that have Unicode normalization available natively.

Bump autoprefixer from 9.4.8 to 9.4.9

Bumps [autoprefixer](https://github.com/postcss/autoprefixer) from 9.4.8 to 9.4.9.
- [Release notes](https://github.com/postcss/autoprefixer/releases)
- [Changelog](https://github.com/postcss/autoprefixer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/postcss/autoprefixer/compare/9.4.8...9.4.9)
Signed-off-by: dependabot[bot] <support@dependabot.com>

Install wicked-good-xpath dependency from npm

This makes it easier to see what version we are using and get
automated notifications if the package is updated for any reason.

 - Update to current release of wicked-good-xpath from npm
 - Remove reference to IE 10 in comment since we now only support IE 11

Bump mocha from 6.0.0 to 6.0.1

Bump katex from 0.10.0 to 0.10.1

Bumps [katex](https://github.com/KaTeX/KaTeX) from 0.10.0 to 0.10.1.
- [Release notes](https://github.com/KaTeX/KaTeX/releases)
- [Changelog](https://github.com/KaTeX/KaTeX/blob/master/CHANGELOG.md)
- [Commits](https://github.com/KaTeX/KaTeX/compare/v0.10.0...v0.10.1)
Signed-off-by: dependabot[bot] <support@dependabot.com>

Bumps [mocha](https://github.com/mochajs/mocha) from 6.0.0 to 6.0.1.
- [Release notes](https://github.com/mochajs/mocha/releases)
- [Changelog](https://github.com/mochajs/mocha/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mochajs/mocha/compare/v6.0.0...v6.0.1)
Signed-off-by: dependabot[bot] <support@dependabot.com>

Bump npm-packlist from 1.4.0 to 1.4.1

Bumps [npm-packlist](https://github.com/npm/npm-packlist) from 1.4.0 to 1.4.1.
- [Release notes](https://github.com/npm/npm-packlist/releases)
- [Commits](https://github.com/npm/npm-packlist/compare/v1.4.0...v1.4.1)
Signed-off-by: dependabot[bot] <support@dependabot.com>

Bump watchify from 3.11.0 to 3.11.1

Bump autoprefixer from 9.4.7 to 9.4.8

Bump npm-packlist from 1.3.0 to 1.4.0

Bump unorm from 1.4.1 to 1.5.0

Bumps [npm-packlist](https://github.com/npm/npm-packlist) from 1.3.0 to 1.4.0.
- [Release notes](https://github.com/npm/npm-packlist/releases)
- [Commits](https://github.com/npm/npm-packlist/compare/v1.3.0...v1.4.0)
Signed-off-by: dependabot[bot] <support@dependabot.com>

Bumps [autoprefixer](https://github.com/postcss/autoprefixer) from 9.4.7 to 9.4.8.
- [Release notes](https://github.com/postcss/autoprefixer/releases)
- [Changelog](https://github.com/postcss/autoprefixer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/postcss/autoprefixer/compare/9.4.7...9.4.8)
Signed-off-by: dependabot[bot] <support@dependabot.com>

Bumps [watchify](https://github.com/substack/watchify) from 3.11.0 to 3.11.1.
- [Release notes](https://github.com/substack/watchify/releases)
- [Commits](https://github.com/substack/watchify/compare/v3.11.0...v3.11.1)
Signed-off-by: dependabot[bot] <support@dependabot.com>

Bumps [unorm](https://github.com/walling/unorm) from 1.4.1 to 1.5.0.
- [Release notes](https://github.com/walling/unorm/releases)
- [Commits](https://github.com/walling/unorm/compare/v1.4.1...v1.5.0)
Signed-off-by: dependabot[bot] <support@dependabot.com>

* Remove Google Plus share options from the client

- Google Plus is shutting down, so remove share icons for it from the
  client
- Add padding around remaining icons in annotation share dialog and
  spacer after "Share" label to avoid having too much space between
  icons

Fixes https://github.com/hypothesis/product-backlog/issues/947

* Update icon font to remove Google+ icons

Remove the Google+ icons and regenerate the icon font using the Icomoon
app, following the process described in src/styles/vendor/ICOMOON.md.

In the process I had to select the option in the Icomoon UI to remove
custom colors from many of the icons. In the client the
`h-icon-*::before` selectors should specify only the font to use and
content to show but not a color. The color is inherited from the parent
elements. I believe this is necessary because it has been a long time
since the icon font was last updated and the Icomoon app has evolved
since then.

* Add notes about how to update or remove icons from the icon font

Avoid using build executor while waiting for deployment confirmation

Bump @octokit/rest from 16.15.0 to 16.16.0

Bump eslint from 5.14.0 to 5.14.1

Bump sinon from 7.2.3 to 7.2.4

Bump gulp-sourcemaps from 2.6.4 to 2.6.5

Bump mocha from 5.2.0 to 6.0.0

Within a `node` block, `return` will just stop the sequence of steps
within that block, not the whole pipeline.

Bumps [eslint](https://github.com/eslint/eslint) from 5.14.0 to 5.14.1.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v5.14.0...v5.14.1)
Signed-off-by: dependabot[bot] <support@dependabot.com>

Bumps [@octokit/rest](https://github.com/octokit/rest.js) from 16.15.0 to 16.16.0.
- [Release notes](https://github.com/octokit/rest.js/releases)
- [Commits](https://github.com/octokit/rest.js/compare/v16.15.0...v16.16.0)
Signed-off-by: dependabot[bot] <support@dependabot.com>

Bumps [sinon](https://github.com/sinonjs/sinon) from 7.2.3 to 7.2.4.
- [Release notes](https://github.com/sinonjs/sinon/releases)
- [Changelog](https://github.com/sinonjs/sinon/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sinonjs/sinon/compare/v7.2.3...v7.2.4)
Signed-off-by: dependabot[bot] <support@dependabot.com>

Bumps [gulp-sourcemaps](https://github.com/gulp-sourcemaps/gulp-sourcemaps) from 2.6.4 to 2.6.5.
- [Release notes](https://github.com/gulp-sourcemaps/gulp-sourcemaps/releases)
- [Commits](https://github.com/gulp-sourcemaps/gulp-sourcemaps/compare/v2.6.4...v2.6.5)
Signed-off-by: dependabot[bot] <support@dependabot.com>

Bumps [mocha](https://github.com/mochajs/mocha) from 5.2.0 to 6.0.0.
- [Release notes](https://github.com/mochajs/mocha/releases)
- [Changelog](https://github.com/mochajs/mocha/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mochajs/mocha/compare/v5.2.0...v6.0.0)
Signed-off-by: dependabot[bot] <support@dependabot.com>

The Jenkinsfile previously has this structure:

```
node {
  // Do checkout, run tests etc.
  ...
  stage('Deploy to prod') {
    input(message: "Deploy to prod")
  }
}
```

While any steps inside the `node` block are running or waiting, the pipeline
will consume a build executor slot. If several client builds were waiting for
manual input, this could prevent other Jenkins jobs from running.

This commit restructures the Jenkinsfile like so:

```
node {
  // Do checkout, run tests etc.
}

stage('Deploy to prod') {
  input(message: 'Deploy to prod?')
  node {
    // Do the deployment
  }
}

As a result, a client build waiting to be deployed to production will no longer
consume a build executor slot.

See also the "7. Don't: Use input within a node" tip in [1]

Fixes #955

[1] https://www.cloudbees.com/blog/top-10-best-practices-jenkins-pipeline-plugin

Bump eslint from 5.13.0 to 5.14.0

Bump @babel/core from 7.2.2 to 7.3.3

Merge pull request #951 from hypothesis/dependabot/npm_and_yarn/karma-coverage-istanbul-reporter-2.0.5

Bump karma-coverage-istanbul-reporter from 2.0.4 to 2.0.5

Bump babel-plugin-istanbul from 5.1.0 to 5.1.1

Bumps [eslint](https://github.com/eslint/eslint) from 5.13.0 to 5.14.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v5.13.0...v5.14.0)
Signed-off-by: dependabot[bot] <support@dependabot.com>

Bumps [@babel/core](https://github.com/babel/babel) from 7.2.2 to 7.3.3.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/master/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/compare/v7.2.2...v7.3.3)
Signed-off-by: dependabot[bot] <support@dependabot.com>