Add CSP to content pages (#44)

Let's add a csp so the extension cannot connect to remote things. 
Also makes sure to only load .js that is inside the extension, so
xss'ing an input field is quite a bit harder :)

src/ui/browserAction/popup.html

@@ -7,10 +7,13 @@
 <!doctype html>
 <html>
   <head>
+    <meta
+      http-equiv="content-security-policy"
+      content="script-src 'self';img-src 'self'; font-src 'self'; connect-src 'none'; media-src 'none'; object-src 'none'; prefetch-src 'none'; child-src 'none'; frame-src 'none'; worker-src 'none';"
+    />
     <meta http-equiv="content-type" content="text/html; charset=utf-8" />
     <link rel="stylesheet" href="popup.css" />
     <link rel="stylesheet" href="../variables.css" />
-
     <script src="./popupPage.js" type="module"></script>
     <title>Mozilla VPN</title>
   </head>

src/ui/pageAction/pageActionPopup.html

@@ -8,6 +8,10 @@
 <!doctype html>
 <html>
   <head>
+    <meta
+      http-equiv="content-security-policy"
+      content="script-src 'self';img-src 'self'; font-src 'self'; connect-src 'none'; media-src 'none'; object-src 'none'; prefetch-src 'none'; child-src 'none'; frame-src 'none'; worker-src 'none';"
+    />
     <meta http-equiv="content-type" content="text/html; charset=utf-8" />
     <link rel="stylesheet" href="../variables.css" />
     <link rel="stylesheet" href="./pageAction.css" />

src/ui/settingsPage/index.html

@@ -7,6 +7,10 @@
 <!doctype html>
 <html>
   <head>
+    <meta
+      http-equiv="content-security-policy"
+      content="script-src 'self';img-src 'self'; font-src 'self'; connect-src 'none'; media-src 'none'; object-src 'none'; prefetch-src 'none'; child-src 'none'; frame-src 'none'; worker-src 'none';"
+    />
     <meta http-equiv="content-type" content="text/html; charset=utf-8" />
     <link rel="stylesheet" href="../variables.css" />
     <title>Mozilla VPN Settings</title>