Story
Resolution: Done
This story follows up on spike https://issues.redhat.com/browse/CONSOLE-4170
The aim of this story is to add an initial CSP implementation for the Console web application that uses the Content-Security-Policy-Report-Only HTTP header to report on CSP violations.
CSP violations should be handled directly by Console code via a custom SecurityPolicyViolationEvent handler, which logs the relevant CSP violation data to the browser console.
AC:
- The Console HTML index page must be served with a CSP report-only response header
- Running the dynamic demo plugin in Console must not trigger any CSP violations
- CSP violations must be logged to the browser console
- The dynamic plugins README should contain a section that describes CSP usage in Console
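
A sketch of the kind of SecurityPolicyViolationEvent handler described above, added here as an example and not taken from the Console code base. The function names, the choice of logged fields and the de-duplication limit are assumptions; the event property names are the standard DOM ones.

```javascript
// Added example, not the Console project's own code.
// Standard SecurityPolicyViolationEvent properties worth logging (selection is an assumption).
const REPORTED_FIELDS = [
  'disposition', 'effectiveDirective', 'blockedURI', 'documentURI',
  'sourceFile', 'lineNumber', 'columnNumber', 'sample',
];

// Reduce the event to a plain object: omits originalPolicy (long, identical
// for every violation) and drops empty fields so the log entry stays readable.
function summarizeViolation(event) {
  const summary = {};
  for (const field of REPORTED_FIELDS) {
    const value = event[field];
    if (value !== undefined && value !== null && value !== '') summary[field] = value;
  }
  return summary;
}

// Build a handler that logs each distinct violation once. A plugin that
// re-triggers the same violation on every render would otherwise flood the console.
// Returns true when the violation was logged, false when it was a repeat.
function createViolationHandler(log = console.warn, maxSeen = 500) {
  const seen = new Set();
  return function onViolation(event) {
    const summary = summarizeViolation(event);
    const key = JSON.stringify(summary);
    if (seen.has(key)) return false;
    if (seen.size >= maxSeen) seen.clear(); // bound memory on long-lived pages
    seen.add(key);
    log('Content Security Policy violation:', summary);
    return true;
  };
}

// In a browser, register on the document. With a report-only policy the
// event's disposition is "report" and the blocked resource still loads.
if (typeof document !== 'undefined') {
  document.addEventListener('securitypolicyviolation', createViolationHandler());
}
```
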