Remove 'unsafe-inline' from Content-Security-Policy style-src (#13679)

* Make sure wicg-inert doesn't rely on inline CSS

* Remove unsafe-inline from style-src

app/views/layouts/application.html.haml

@@ -26,6 +26,8 @@
     = javascript_pack_tag "locale_#{I18n.locale}", integrity: true, crossorigin: 'anonymous'
     = csrf_meta_tags
 
+    = stylesheet_link_tag '/inert.css', skip_pipeline: true, media: 'all', id: 'inert-style'
+
     - if Setting.custom_css.present?
       = stylesheet_link_tag custom_css_path, media: 'all'