add in config options for image sources in content security policy.

[AndyKilmory]

What does this change?

Adds in the ability to add to the image source section of the Content-Security-Policy header via configuration. Adding security.imageSources key to the config. It includes a set of strings.

How should a reviewer test this change?

Ensure that any sources added to security.imagesSources in the config get incorporated into the Content-Security-Policy header.

Tested? Documented?

• [x] locally by committer
• [ ] locally by Guardian reviewer
• [ ] on the Guardian's TEST environment
• [ ] relevant documentation added or amended (if needed)

[prout-bot]

Seen on collections (created by @AndyKilmory and merged by @twrichards 8 minutes and 32 seconds ago) Please check your changes!

[prout-bot]

Seen on metadata-editor (created by @AndyKilmory and merged by @twrichards 8 minutes and 37 seconds ago) Please check your changes!

[prout-bot]

Seen on auth, image-loader, leases (created by @AndyKilmory and merged by @twrichards 8 minutes and 40 seconds ago) Please check your changes!

[prout-bot]

Seen on thrall, kahuna (created by @AndyKilmory and merged by @twrichards 8 minutes and 43 seconds ago) Please check your changes!

[prout-bot]

Seen on cropper (created by @AndyKilmory and merged by @twrichards 8 minutes and 47 seconds ago) Please check your changes!

[prout-bot]

Seen on usage (created by @AndyKilmory and merged by @twrichards 8 minutes and 51 seconds ago) Please check your changes!

[prout-bot]

Seen on media-api (created by @AndyKilmory and merged by @twrichards 8 minutes and 54 seconds ago) Please check your changes!