Implement CSP HTTP header

https://observatory.mozilla.org/analyze.html?host=tails.boum.org says we should implement the Content Security Policy (CSP) HTTP header.

Original created by @u on 13450 (Redmine)

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information