I have this theme deployed on Azure using the Static Web Apps service and come from a non-developer/web background. First of all I would like to say I have been able to follow most of the solutions on configuring the theme, so thanks for the clear documentation! :)
I did struggle when it came to the Security section and tried a whole host of files and configs and could never get past a 'C' rank on the security headers scan. However, I have figured it out and thought it might make a useful update to the documentation.
A JSON file called staticwebapp.config.json needs to be created in the root with the contents of the CSP & Permissions Policy.
My file looks like this:
```json
{
  "globalHeaders": {
    "X-Frame-Options": "DENY",
    "X-XSS-Protection": "1; mode=block",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "same-origin",
    "Content-Security-Policy": "base-uri 'self'; connect-src 'self'; default-src 'self'; frame-ancestors 'none'; font-src 'self' cdnjs.cloudflare.com; img-src 'self'; object-src 'none'; script-src 'self'; style-src 'self' cdnjs.cloudflare.com;",
    "Permissions-Policy": "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(self), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()",
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload"
  }
}
```
Maybe a little overkill, but all in all I hope this helps. Once configured and deployed I went from a 'C' to an 'A+'.
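A small pre-deploy check for the `globalHeaders` block described above. This is an added example, not code from the issue author or from the theme or Azure projects; it reads a `staticwebapp.config.json` document, parses the `Content-Security-Policy` value into directives, and reports the kinds of gaps that security header scanners typically grade down (a missing header, a CSP with no `default-src` fallback or with `'unsafe-inline'` in `script-src`, an HSTS `max-age` under one year). The embedded sample config is constructed from the headers in the post, with the long `Permissions-Policy` value shortened; the `REQUIRED` list and the thresholds are the example's own assumptions, not a scanner's published rubric.

```python
"""Lint the globalHeaders block of an Azure Static Web Apps
staticwebapp.config.json before deploying it (added example)."""
import json
import re

# Constructed sample: the header set from the issue, Permissions-Policy trimmed.
SAMPLE_CONFIG = r'''{
  "globalHeaders": {
    "X-Frame-Options": "DENY",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "same-origin",
    "Content-Security-Policy": "base-uri 'self'; connect-src 'self'; default-src 'self'; frame-ancestors 'none'; font-src 'self' cdnjs.cloudflare.com; img-src 'self'; object-src 'none'; script-src 'self'; style-src 'self' cdnjs.cloudflare.com;",
    "Permissions-Policy": "camera=(), geolocation=(), microphone=()",
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload"
  }
}'''

# Headers this lint insists on (assumption for the example, not a scanner rubric).
REQUIRED = ("Content-Security-Policy", "Strict-Transport-Security",
            "X-Content-Type-Options", "Referrer-Policy", "Permissions-Policy")
ONE_YEAR = 31536000  # seconds; the usual minimum HSTS max-age for preloading


def parse_csp(value):
    """Turn a CSP header value into {directive: [source expressions]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def lint_headers(headers):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    lower = {k.lower(): v for k, v in headers.items()}
    for name in REQUIRED:
        if name.lower() not in lower:
            findings.append(f"missing {name}")
    csp = lower.get("content-security-policy")
    if csp:
        policy = parse_csp(csp)
        if "default-src" not in policy:
            findings.append("CSP has no default-src fallback")
        if policy.get("object-src") != ["'none'"]:
            findings.append("CSP object-src should be 'none'")
        xfo = lower.get("x-frame-options", "").upper()
        if "frame-ancestors" not in policy and xfo not in ("DENY", "SAMEORIGIN"):
            findings.append("no clickjacking protection (frame-ancestors or X-Frame-Options)")
        for directive in ("script-src", "default-src"):
            if "'unsafe-inline'" in policy.get(directive, []):
                findings.append(f"CSP {directive} allows 'unsafe-inline'")
    hsts = lower.get("strict-transport-security", "")
    match = re.search(r"max-age=(\d+)", hsts)
    if hsts and (not match or int(match.group(1)) < ONE_YEAR):
        findings.append("HSTS max-age is below one year")
    if "x-xss-protection" in lower:
        # Legacy header: current browsers ignore it, so it adds nothing here.
        findings.append("X-XSS-Protection is legacy and ignored by modern browsers")
    return findings


def lint_config(text):
    """Parse a staticwebapp.config.json document and lint its globalHeaders."""
    config = json.loads(text)
    return lint_headers(config.get("globalHeaders", {}))


if __name__ == "__main__":
    for finding in lint_config(SAMPLE_CONFIG) or ["no findings"]:
        print(finding)
```

Run it against the real file with `lint_config(open("staticwebapp.config.json").read())` from a CI step; the sample above passes cleanly, while a config that only sets `script-src 'self' 'unsafe-inline'` produces a finding for each missing header plus the `unsafe-inline` and `default-src` problems.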