[dagit] Introduce a CSP
Add a CSP to the Dagit app.
- Lock down default-src and override with some 'self' and a few other minor needs.
- In prod usage, within app.py, generate a one-time nonce and insert into index.html. This is used as __webpack_nonce__ (https://webpack.js.org/guides/csp/), which can then be consumed by styled-components.
- In development, allow inline style and script since we won't have a nonce.
Load Dagit in development. Verify that the app loads properly, and that scripts, XHR, WebSockets, images, styles, etc. all work as expected, with no CSP errors.
yarn build-for-python to generate a prod build, then run Dagit with it. Verify the same as above, and verify that the nonce is generated anew on pageloads, and is consumed correctly by styled-components.
Reviewers: max, bengotow, prha, dgibson
Reviewed By: prha
Differential Revision: https://dagster.phacility.com/D8930
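
The per-response nonce flow the commit message describes, sketched as an added example (not Dagit's app.py and not code from this revision). The placeholder token, the template layout, the function names and the exact directive list are assumptions made for illustration.

```python
import base64
import secrets

PLACEHOLDER = "NONCE-PLACEHOLDER"  # assumed token left in the built index.html

# Constructed stand-in for the built index.html (not Dagit's real file).
INDEX_TEMPLATE = (
    "<!doctype html><html><head>"
    '<script nonce="NONCE-PLACEHOLDER">'
    'window.__webpack_nonce__ = "NONCE-PLACEHOLDER";</script>'
    '</head><body><div id="root"></div></body></html>'
)


def new_nonce() -> str:
    """128 bits from the OS CSPRNG, base64-encoded as a CSP nonce-source."""
    return base64.b64encode(secrets.token_bytes(16)).decode("ascii")


def build_csp(nonce=None) -> str:
    """Return the policy string; nonce=None selects the development policy."""
    if nonce is None:
        # Dev: no nonce is available, so inline script and style are allowed.
        inline = "'unsafe-inline'"
    else:
        # Prod: only inline elements carrying this response's nonce may run.
        # Browsers ignore 'unsafe-inline' once a nonce is listed, so the two
        # are never combined here.
        inline = f"'nonce-{nonce}'"
    directives = {  # assumed directive list, showing the shape only
        "default-src": "'none'",
        "script-src": f"'self' {inline}",
        "style-src": f"'self' {inline}",
        "img-src": "'self' data:",
        "font-src": "'self'",
        "connect-src": "'self'",
    }
    return "; ".join(f"{name} {value}" for name, value in directives.items())


def render_index(template: str = INDEX_TEMPLATE, dev: bool = False):
    """Return (headers, body) for one page load."""
    if dev:
        return {"Content-Security-Policy": build_csp()}, template
    if PLACEHOLDER not in template:
        raise ValueError("index.html has no nonce placeholder")
    nonce = new_nonce()  # fresh per response, never cached or reused
    body = template.replace(PLACEHOLDER, nonce)
    return {"Content-Security-Policy": build_csp(nonce)}, body
```

Comparing the header and body of two consecutive prod responses is a quick way to confirm that the nonce changes on every pageload and that the value in the policy matches the one in the page.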