Update django CSP config for django-csp 4.0

[okkays]

https://github.com/usdoj-crt/crt-portal-management/issues/1934

What does this change?

• 🌎 We use Django CSP to lock down content on the site
• ⛔ It was recently updated to 4.0, which uses a different configuration syntax
• ✅ This commit updates to use the new config

Screenshots (for front-end PR):

Checklist:

Author

• [x] If this is a story, run locally and check to make sure all Acceptance Criteria are met. (If any criteria are unclear, ask about them.).
• [x] Check for, document, and establish a testing plan for any behavior that may vary across environments or is otherwise difficult to test.
• [x] Check for accessibility.
• [x] Tests pass.

Reviewer

• [ ] If this is a story, run locally and check to make sure all Acceptance Criteria are met. (If any criteria are unclear, ask about them.).
• [ ] Check for any behavior that may vary across environments or is difficult to test, and ensure that it is well-understood, documented, and that there is a testing plan in place.
• [ ] Re-check for accessibility.
• [ ] Tests pass.

Notes for reviewer:

See PR instructions doc for full pull request review instructions.

[okkays]

My guess existing csp_nonce will work as is in the code base.

Yup nonce should work! The new way they do CSP_INCLUDE_NONCE_IN is to put NONCE under script-src

BTW, i probably have to rebase the staging release with dev once this merge to dev.

Yeah that's probably the easiest way to do it.