fix: add 'unsafe-inline' to script-src CSP — Next.js requires inline scripts for hydration

Without this, React never hydrates on the client side, making all
interactive elements (hamburger menu, login form, etc.) completely
non-functional. This was the root cause of the mobile menu not working.

Author: ralyodio

next.config.mjs

@@ -42,7 +42,7 @@ const nextConfig = {
             // 'unsafe-eval' has been removed to prevent script injection attacks.
             value: [
               "default-src 'self'",
-              "script-src 'self' https://datafa.st",
+              "script-src 'self' 'unsafe-inline' https://datafa.st",
               "style-src 'self' 'unsafe-inline'",
               "img-src 'self' data: https:",
               "font-src 'self' data:",