fix(security): update Content Security Policy to remove unnecessary imgSrc entry and addd comment for styleSrc

Author: n3rdc4ptn

server.ts

@@ -93,8 +93,9 @@ fastify.register(helmet, {
   contentSecurityPolicy: {
     directives: {
       defaultSrc: ["'self'"],
+      // styleSrc: unsafe-inline is needed for our styling
       styleSrc: ["'self'", "'unsafe-inline'"],
-      imgSrc: ["'self'", 'data:', 'https:'],
+      imgSrc: ["'self'", 'data:'],
       'connect-src': ["'self'", 'sdk.openui5.org', sentryHost, dynatraceOrigin],
       'script-src': isLocalDev
         ? ["'self'", "'unsafe-inline'", "'unsafe-eval'", sentryHost, dynatraceOrigin]