Task/wi 46 Add CSP http headers

[chandra-tacc]

Overview

To become fully secure site, adding detailed Content Security Policy is needed.
This uses django-csp to enable csp.

Related

• WP-46
• similar to task WI-46: Setup CMS using django-csp Core-CMS#672
• delayed/replaced by Task WA-46: Add CSP Policy headers Camino#32

Changes

This PR adds CSP headers for

• font src
• script src
• style src
• connect src
  Also, ensure the current script tags use nonce.
  The setup right now is in "report only" mode to allow for opt-in and fully functional app.

Testing

1. Validated the site using UI and reducing console warnings.

UI

No UI change.

Notes:

At this point, due to possibly breaking the app due to CSP, this PR is in draft mode. Other mitigations are deployed via TACC/Camino#32

[codecov]

Codecov Report

Merging #829 (00f369e) into main (97dc0b5) will decrease coverage by 0.06%.
The diff coverage is 0.00%.

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #829      +/-   ##
==========================================
- Coverage   64.33%   64.28%   -0.06%     
==========================================
  Files         426      426              
  Lines       12537    12547      +10     
  Branches     2510     2510              
==========================================
  Hits         8066     8066              
- Misses       4255     4265      +10     
  Partials      216      216              

Flag	Coverage Δ
javascript	68.70% <ø> (ø)
unittests	60.33% <0.00%> (-0.10%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
server/portal/settings/settings.py	0.00% <0.00%> (ø)
server/portal/settings/settings_default.py	0.00% <0.00%> (ø)