• Bug
    • Resolution: Unresolved
    • Major
    • None
    • 1.5.0
    • Marketplace, UI
    • False
    • False

      Description of problem:

       

      Marketplace plugin icons and images in the sidepanel are fetched from external resources like `janus.idp.io` and `github.com`. These images are blocked in Backstage due to the content security policies defined in the application configuration.

      Prerequisites (if any, like setup, operators/versions):

      Steps to Reproduce

      1. Load the marketplace plugin in the cluster. Use this image quay.io/rhdh-community/rhdh:pr-2156-42350779 to load the marketplace plugin.
      2. Visit marketplace UI

      Actual results:

      Icons/images are blocked by the `img-src` content security policies in the Backstage application.

      I had to add janus.idp and github.com hostnames in the application configuration csp to allow the application to download from these external locations.

      app.config.yaml:

      csp:
          img-src:
            # "'self'" and 'data' are from the backstage default but must be set since img-src is overwritten
            - "'self'"
            - 'data:'
            # Allow your githubusercontent and janus-idp instance for marketplace plugin
            - 'github.com'
            - 'raw.githubusercontent.com'
            - 'janus-idp.io'

      Expected results:

      The icons and images should load without adding anything in the csp configuration.

      Reproducibility (Always/Intermittent/Only Once):

      Always

      Build Details:

      Marketplace plugin bundled in rhdh - quay.io/rhdh-community/rhdh:pr-2156-42350779

      Additional info (Such as Logs, Screenshots, etc):

              cjerolim Christoph Jerolimov
              karthik.jk Karthik Jeeyar
              RHIDP - Frontend Plugins & UI
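
An added example, not part of the original issue and not Backstage or RHDH code: a simplified model of how a browser matches image URLs against the `img-src` source lists quoted in the issue, showing which images the default list blocks and which still fall outside the amended list. The app origin and every image URL are constructed, and only `'self'`, scheme-sources and host-sources are modelled (ports and paths are ignored).

```javascript
// Added example (not Backstage/RHDH code): simplified CSP img-src matching.
// Models only 'self', scheme-sources ("data:") and host-sources with an
// optional "*." wildcard; ports and paths are ignored.
const PAGE_ORIGIN = 'https://rhdh.example.com'; // constructed app origin

// Source lists as quoted in the issue's configuration.
const DEFAULT_IMG_SRC = ["'self'", 'data:'];
const AMENDED_IMG_SRC = [...DEFAULT_IMG_SRC,
  'github.com', 'raw.githubusercontent.com', 'janus-idp.io'];

// Constructed sample image URLs.
const SAMPLE_URLS = [
  `${PAGE_ORIGIN}/static/logo.svg`,
  'data:image/png;base64,iVBORw0KGgo=',
  'https://github.com/example-org/example-plugin/raw/main/icon.png',
  'https://raw.githubusercontent.com/example-org/example-plugin/main/icon.png',
  'https://avatars.githubusercontent.com/u/0',
  'https://janus-idp.io/images/example.svg',
];

function sourceMatches(source, url, pageOrigin = PAGE_ORIGIN) {
  const target = new URL(url);
  const page = new URL(pageOrigin);
  if (source === "'self'") return target.origin === page.origin;
  // A scheme-source such as "data:" matches on the URL scheme alone.
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return target.protocol === source.toLowerCase();
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([a-z0-9.-]+)$/i.exec(source);
  if (!m) return false; // keyword or form this sketch does not model
  const [, scheme, wildcard, host] = m;
  // With no scheme in the source, the URL must use the page's scheme or https.
  const schemeOk = scheme
    ? target.protocol === `${scheme.toLowerCase()}:`
    : target.protocol === page.protocol || target.protocol === 'https:';
  const name = host.toLowerCase();
  // A host-source matches that exact host; only "*." extends to subdomains.
  const hostOk = wildcard
    ? target.hostname.endsWith(`.${name}`)
    : target.hostname === name;
  return schemeOk && hostOk;
}

// URLs the browser would refuse to load as images under the given list.
function blockedImages(imgSrc, urls = SAMPLE_URLS) {
  return urls.filter((u) => !imgSrc.some((s) => sourceMatches(s, u)));
}

console.log('default list blocks:', blockedImages(DEFAULT_IMG_SRC));
console.log('amended list blocks:', blockedImages(AMENDED_IMG_SRC));
```

Each entry admits only the exact host it names, so an image served from any other host, including a sibling or subdomain of a listed one, stays blocked until that host is listed as well.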