Fix embedded resources missing `Cross-Origin-Embedder-Policy` header

[SleepySquash]

Related to #996 Related to #998 Related to #1002

Synopsis

We've added Cross-Origin-Embedder-Policy header in #1002 to support drift OPFS and WebAssembly building (those use the SharedArrayBuffers available only on cross origin isolated sites). However, it turned out that not only the resource embedding other resources must have COEP header, but the embedded resources must have one as well:

Solution

This PR adds COEP header to each nginx hosted resource (e.g. drift_worker.dart.js).

Checklist

• Created PR:
  • [x] In draft mode
  • [x] Name contains issue reference
  • [x] Has type and k:: labels applied
• Before review:
  • [x] Documentation is updated (if required)
  • [x] Tests are updated (if required)
  • [x] Changes conform code style
  • [x] CHANGELOG entry is added (if required)
  • [x] FCM (final commit message) is posted or updated
  • [x] Draft mode is removed
• [ ] Review is completed and changes are approved
  • [ ] FCM (final commit message) is approved
• Before merge:
  • [ ] Milestone is set
  • [ ] PR's name and description are correct and up-to-date
  • [ ] All temporary labels are removed

[SleepySquash]

FCM

Add `Cross-Origin-Embedder-Policy` header to embedded resources in `nginx.conf` (#1011)

[SleepySquash]

Discussed: location / already sets the header. It was missing due to Chrome caching the response.