Fix #1010

[ParkourKarthik]

Short description of what this resolves:

Resolves security issues with content security policy

Changes proposed in this pull request:

Added content security policy for webviews

Fixes: #1010

How Has This Been Tested?

Verified that there is no view mismatch and console error logs.

Screenshots (if appropriate):

Checklist:

• I have read the contribution guidelines.
• My change requires a change to the documentation and GitHub Wiki.
• I have updated the documentation and Wiki accordingly.

[ParkourKarthik]

@shanalikhan I've just modified the first page. Verify that if it is ok to update other pages similarly.
On your confirmation, I'll be updating the other Webviews accordingly within this PR.
I do have several doubts below:

1. To explicitly set values for different sources?
2. Is it safe to use 'unsafe-inline'? If not what is preferred, nonce or moving the inline scripts out if possible?

[shanalikhan]

To explicitly set values for different sources?

Can you explain it.

Is it safe to use 'unsafe-inline'?

Yes lets keep this as of now unless code gives warnings or logs in console :)

Feel free to improve other webviews as well.

[ParkourKarthik]

I mean, right now I've set values to the default-src directive which serves as a fallback of other directives such as script-src, style-src, img-directive, etc.
For example, I've set 'unsafe-inline' in default-src which is to enable inline scripts in the code which is applicable in this landing page. But, this value would be a fallback value for other directives as well which may affect the security in some cases (I'm not sure though).

To explicitly set script-src 'unsafe-inline' would be better and more specific. I think that would be the preferred way as well.

[ParkourKarthik]

I've updated the webviews as required. You can verify and merge the changes.