Update apache header content-security-policy

[kbrock]

updates:

• object-src Add object_src Content-Security-Policy directive manageiq#23001
• font-src img-src, style-src Update csp to support charts download manageiq#21822
• connect-src Fix charts download PNG/JPG issue manageiq-ui-classic#8227
• style-src, script-src: quote headers manageiq#4647

see also:

• update content-security-policy to match apache manageiq-pods#1093

[miq-bot]

Checked commit kbrock@269999a with ruby 2.7.8, rubocop 1.56.3, haml-lint 0.51.0, and yamllint
0 files checked, 0 offenses detected
Everything looks fine. 🍪

[Fryguy]

I don't think these should match, particularly the unsafe-eval and unsafe-inline. We should only make these match where it makes sense for assets for packs retrieval. Let's discuss over voice...I'm not convinced we should do any of these and in fact I'm wondering if we should remove some the original values.

[miq-bot]

This pull request has been automatically marked as stale because it has not been updated for at least 3 months.

If these changes are still valid, please remove the stale label, make any changes requested by reviewers (if any), and ensure that this issue is being looked at by the assigned/reviewer(s).

[miq-bot]

This pull request has been automatically marked as stale because it has not been updated for at least 3 months.

If these changes are still valid, please remove the stale label, make any changes requested by reviewers (if any), and ensure that this issue is being looked at by the assigned/reviewer(s).