Add Content-Security-Policy header

Merged Tae Hoon requested to merge tae/pleroma-fe:csp-header into develop

Now dev testing can reproduce the security issues we saw in production.

Merge request reports