nginx: remove use of require-sri-for

It is being removed from Firefox and planned to be removed from
Chromium. It seems the main reason is that it doesn't cover all
scripts/styles and therefore provide a false sense of security and may
break in the future.

See <w3c/webappsec-subresource-integrity#82>.

layout/nginx.j2

@@ -26,7 +26,6 @@ add_header    "Content-Security-Policy" "{% filter striptags %}
 
    frame-ancestors 'none';
    block-all-mixed-content;
-   require-sri-for script style;
 {% endfilter %}";
 
 location = /nginx.conf {