fix: fix image csp for favicons

Signed-off-by: Henry Gressmann <[email protected]>

Author: explodingcamera

data/licenses-cargo.json

@@ -62,7 +62,7 @@ pub fn create_router(app: Liwan, events: Sender<Event>) -> impl IntoEndpoint {
         .appending("X-Frame-Options", "DENY")
         .appending("X-Content-Type-Options", "nosniff")
         .appending("X-XSS-Protection", "1; mode=block")
-        .appending("Content-Security-Policy", "default-src 'self' data: 'unsafe-inline'")
+        .appending("Content-Security-Policy", "default-src 'self' data: 'unsafe-inline'; img-src https://*")
         .appending("Referrer-Policy", "same-origin")
         .appending("Permissions-Policy", "geolocation=(), microphone=(), camera=()");