Configure GovukContentSecurityPolicy for govuk_app_config changes

This configures the content security policy in preparation for the
breaking changes coming from
alphagov/govuk_app_config#279. As this app uses
govuk_admin_template and that uses jQuery 1.x and inline script tags,
then this app needs unsafe_inline for script and the nonce generator
disabled.

As an aside, It was a surprise that this application had configured the
GovukContentSecurityPolicy as this had been initially done just in
Frontend apps and it looks like this made it through in some outsourced
Rails updates [1]. I'm leaving this config in so there is an example of
an app outside of frontend using it to build on and as a case study in
configuring an app.

[1]: 45a5a51

config/initializers/content_security_policy.rb

@@ -1 +1,12 @@
-GovukContentSecurityPolicy.configure
+GovukContentSecurityPolicy.configure do |policy|
+  # Ensures the ability to use inline JavaScript without protections. This is
+  # required for compatibility with govuk_admin_template which both uses script
+  # tags without nonces and uses jQuery 1.x which requires unsafe-inline in
+  # some browsers (Firefox is one)
+  script_policy_with_unsafe_inline = (policy.script_src + ["'unsafe-inline'"]).uniq
+  policy.script_src(*script_policy_with_unsafe_inline)
+end
+
+# Disable any configured nonce generators so that unsafe-inline directives
+# can be used
+Rails.application.config.content_security_policy_nonce_generator = nil