chore(distro/run): add csp to production.yaml

Related to CAM-12046
Closes #993

distro/run/assembly/resources/production.yml

@@ -11,6 +11,18 @@ camunda.bpm:
       same-site-cookie-option: STRICT
     header-security:
       hsts-disabled: false
+      content-security-policy-value: base-uri 'self';
+        default-src 'self' 'unsafe-inline' 'unsafe-eval';
+        img-src 'self' data:;
+        block-all-mixed-content;
+        form-action 'self';
+        frame-ancestors 'none';
+        object-src 'none';
+        sandbox
+          allow-forms
+          allow-scripts
+          allow-same-origin
+          allow-popups
 
 # https://docs.camunda.org/manual/latest/user-guide/security/#authorization
 # https://docs.camunda.org/manual/latest/user-guide/process-engine/authorization-service/