[Request] Feature/toggle flag for upgrade-insecure-requests

[jareddreyerss]

upgrade-insecure-requests is a directive that is ignored when a policy is set to report-only.

This can cause console errors on CI build tools like lighthouse etc.

Suggested solution:

Feature toggle either by conditional logic or env config (possibly checking if circleci is running?) to disable upgrade-insecure-requests from the policy when in dev environments and when a policy is set to report-only.

see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/upgrade-insecure-requests for reference.