
Add missing no-fallback CSP directives (frame-ancestors, base-uri, etc.)#1979

Open
SiddharthRajaraman wants to merge 1 commit into main from srajaram/aap-64625-define-directive

Conversation

@SiddharthRajaraman
Contributor

Jira Issue: https://issues.redhat.com/browse/AAP-64625

Assisted-by: CursorAI

Description

Adds missing CSP directives that have no fallback to default-src: frame-ancestors, base-uri, and form-action. Without these, the directives are effectively unset, allowing unrestricted behavior. Resolves RapidAST DAST finding 10055-13.

Testing

Steps to test

  1. Pull down the PR
  2. Run TestUrls tests
  3. Make sure all pass

Type of Change

  • Bug fix (non-breaking change fixing an issue)
  • New feature (non-breaking change adding functionality)
  • Breaking change (fix or feature causing existing functionality to break)
  • Security fix
  • Performance improvement
  • Code refactoring
  • Documentation update
  • CI/CD update

Backport Policy

This change should be:

  • Not backported - main/master only
  • Backported to specific releases (add labels after merge)

Automated Backport Instructions

After this PR is merged, add one or more labels to automatically create backport PRs:

  • backport/stable-2.4 - Backport to stable-2.4 branch
  • backport/stable-2.5 - Backport to stable-2.5 branch
  • backport/stable-2.6 - Backport to stable-2.6 branch
  • backport/all - Backport to all active stable branches
  • no-backport - Explicitly mark as not needing backport

Backport Justification

Special backport considerations:

Scenarios tested

Production deployment

  • This code change is ready for production on its own
  • This code change requires the following considerations before going to production:

@SiddharthRajaraman SiddharthRajaraman force-pushed the srajaram/aap-64625-define-directive branch from 7276da5 to d5c36d5 on March 12, 2026 15:36
