Event Calendar as Endpoint, rather than HTML Injection

[ochan1]

Currently, the calendar uses a HTML JSON injected from Django, with the potential to cause HTML to break
https://github.com/compserv/hknweb/blob/master/hknweb/events/templates/events/index.html#L23-L56

Not an issue of security with JavaScript injection as Bleach does take care of that for now

Long term goal: Use a JSON endpoint that the calendar calls rather than an HTML injection (not really potential for attack since no JS, but breaks the calendar HTML)
Sample Code to only allow calls to the URL from another URL: https://github.com/TBP-IT/tbpweb/blob/master/events/views.py#L506

Can open the ability for better Google Calendar integration, RSS Feeds, or people can have a JSON API for their calendar