x/website/cmd/golangorg: Add Content Security Policy

[empijei]

CSP is an important protection against some of the higher risk web vulnerabilities and the official Go website doesn't currently adopt it.

Moreover CSP is a internal requirement for any website hosted on *.google.eTLD and the Go website is currently also hosted on golang.google.cn.

I can take care of fixing this or finding someone that can work on it if the proposal is accepted.

/cc @dmitshur @andybons

[andybons]

This doesn't need a proposal. Feel free to submit a fix :)