Added https: to connect-src
I was noticing some strange behavior on a few friends devices. Luckily I was able to reproduce the bug on my GF's version of Chrome. Strangely not on my version of Chrome (latest stable for Linux).
When using the pleroma-fe there was an issue on login where it was blocking requests to pleroma's api routes, because it was in violation of the content security policy for connect-src.
This change whitelists any https requests coming from the page. After some research I've concluded this doesn't open up any vulnerabilities.