fix: Linux desktop app freeze caused by restrictive CSP

The Tauri CSP only allowed 'self' for script-src/default-src. After
redirecting from tauri://localhost to the Go backend at
http://127.0.0.1, the CSP blocked resources from the backend origin,
causing the WebKitGTK webview to freeze on Linux.

Add http://127.0.0.1:* to all CSP directives and include
'unsafe-inline'/'unsafe-eval' for scripts so the SPA can load and
run after navigation to the backend.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: mempko

desktop/src-tauri/tauri.conf.json

@@ -20,7 +20,7 @@
       }
     ],
     "security": {
-      "csp": "default-src 'self'; connect-src 'self' http://127.0.0.1:* ws://127.0.0.1:*; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:; object-src 'none'; frame-ancestors 'none'; base-uri 'none';"
+      "csp": "default-src 'self' http://127.0.0.1:*; script-src 'self' http://127.0.0.1:* 'unsafe-inline' 'unsafe-eval'; connect-src 'self' http://127.0.0.1:* ws://127.0.0.1:*; img-src 'self' http://127.0.0.1:* data:; style-src 'self' http://127.0.0.1:* 'unsafe-inline'; font-src 'self' http://127.0.0.1:* data:; object-src 'none'; base-uri 'none';"
     }
   },
   "bundle": {