Some minor security changes

[alexandreteles]

As I'm working to make CDP a little more secure, as a first step I have made:

1. Committed a config.php file with changes to the config array, logging option, debug levels and timezone as option;
2. A method to stop directly access to files that should only be included;
3. JSON database files moved outside includes directory;
4. JSON database files has now a less permissive chmod (644);
5. A index.php file has been added to include directories to stop directory listening when the webserver isn't configured to do so;

OBS.: NEVER make database files world writable