Fix CSP failures for Microsoft social sign-in

Add login.microsoftonline.com to CSP allow list for `/account/new`, `/account/edit` and `/users/new`

To reproduce:
`/account/edit`
- Login as existing user
- go to "My Settings"
- change "External Authentication" to Microsoft
- click "Save Changes"
- Page fails to load due to CSP violation

`/account/update` ?

`/users/new`
- Login to https://login.live.com with your existing MS account
- navigate to https://www.openstreetmap.com/login
- click on Microsoft Icon to use social account
- on `/user/new` page click "Sign up"
- Page fails to load due to CSP violation

app/controllers/accounts_controller.rb

@@ -17,7 +17,7 @@ def edit
     @tokens = current_user.oauth_tokens.authorized
 
     append_content_security_policy_directives(
-      :form_action => %w[accounts.google.com *.facebook.com login.live.com github.com meta.wikimedia.org]
+      :form_action => %w[accounts.google.com *.facebook.com login.live.com login.microsoftonline.com github.com meta.wikimedia.org]
     )
 
     if errors = session.delete(:user_errors)
@@ -32,7 +32,7 @@ def update
     @tokens = current_user.oauth_tokens.authorized
 
     append_content_security_policy_directives(
-      :form_action => %w[accounts.google.com *.facebook.com login.live.com github.com meta.wikimedia.org]
+      :form_action => %w[accounts.google.com *.facebook.com login.live.com login.microsoftonline.com github.com meta.wikimedia.org]
     )
 
     user_params = params.require(:user).permit(:display_name, :new_email, :pass_crypt, :pass_crypt_confirmation, :auth_provider)

app/controllers/users_controller.rb

@@ -63,7 +63,7 @@ def new
     parse_oauth_referer @referer
 
     append_content_security_policy_directives(
-      :form_action => %w[accounts.google.com *.facebook.com login.live.com github.com meta.wikimedia.org]
+      :form_action => %w[accounts.google.com *.facebook.com login.live.com login.microsoftonline.com github.com meta.wikimedia.org]
     )
 
     if current_user