Running CiviVolunteer's Angular-based pages from the civicrm/a URL is bad because:
- the 'access CiviCRM' permission is required to access this URL
- all the other Angular modules are loaded, and their permissions get in our way
- create an entry in Volunteer.xml for a new page, perhaps civicrm/vol
- this URL should not have any permissions restrictions – these will be handled by the APIs (for security) and by the Angular routes (for UX)
- page callback is to a new class which extends Civi\Angular\Page\Main
- the new class loads only the Angular modules we care about (the parent (core) class may need to be modified to allow this)
This issue is about laying the groundwork for fixing permissions at the API level.