CSP policy/S3 configuration should be updated for content.www.va.gov assets

Issue Description

Sentry reports that our content security policy directives are out of whack with reality: http://sentry.vfs.va.gov/organizations/vsp/issues/35909/?project=-1&query=is%3Aunresolved&statsPeriod=14d

It looks like some assets were moved to S3 bucket served from: https://s3-us-gov-west-1.amazonaws.com/content.www.va.gov/

such as https://s3-us-gov-west-1.amazonaws.com/content.www.va.gov/img/design/icons/apple-touch-icon-152x152.png and many others

But that host is not in our CSP directives. And in fact, it's not really desirable to put that host in our CSP because it would allow images from all of s3-us-gov-west-1.amazonaws.com - i.e. every bucket in GovCloud, not just VA-controlled buckets in GovCloud.

Instead:

Tasks

[ ] Make sure the content.www.va.gov bucket is available at a S3 vanity URL - I don't know if this requires any explicit configuration, but if possible should pick a URL without dots in it because that messes up SSL wildcarding. So something like content-www-va-gov.s3-us-gov-west-1.amazonaws.com
[ ] Update all references to these assets to use the updated URL. Hopefully that base hostname is configured in a single place?
[ ] Update the CSP policy to allow img-src (and any other CSP classes as needed) from the updated S3 host.

Acceptance Criteria

[ ] Sentry should no longer receive CSP reports from content.www.va.gov assets.

How to configure this issue

[ ] Attached to a Milestone (when will this be completed?)
[ ] Attached to an Epic (what body of work is this a part of?)
[ ] Labeled with Team (product support, analytics-insights, operations, service-design, tools-be, tools-fe)
[ ] Labeled with Practice Area (backend, frontend, devops, design, research, product, ia, qa, analytics, contact center, research, accessibility, content)
[ ] Labeled with Type (bug, request, discovery, documentation, etc.)

department-of-veterans-affairs / va.gov-team