Add CSP to replay.perma.cc

[matteocargnelutti]

This PR adds a fairly "loose" Content Security Policy to replay.perma.cc.

The intended policy can be summarized as:

Everything's allowed within the <iframe>, as long as it's same-origin.

The goal is to help prevent potential "service worker leaks" (meaning: requests meant to be intercepted by the service worker that end up reaching the network) that the playback software might not have accounted for yet by using browser-level safety mechanisms.

---

Note: Will require extensive testing on staging before pushing to prod.

[codecov[bot]]

Codecov Report

Merging #3324 (eb6bf51) into develop (226d4cd) will increase coverage by 0.00%. The diff coverage is 100.00%.

@@           Coverage Diff            @@
##           develop    #3324   +/-   ##
========================================
  Coverage    73.55%   73.56%           
========================================
  Files           55       55           
  Lines         6649     6650    +1     
========================================
+ Hits          4891     4892    +1     
  Misses        1758     1758           

Impacted Files	Coverage Δ
perma_web/replay/views.py	91.42% <100.00%> (+0.25%)	:arrow_up:

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

[matteocargnelutti]

Good call, thanks @rebeccacremona !