CSP: Extract JavaScript from layout to assets

Fixes CODEOCEAN-CP

config/initializers/content_security_policy.rb

@@ -56,10 +56,10 @@ Rails.application.config.content_security_policy do |policy|
 end
 
 # If you are using UJS then enable automatic nonce generation
-Rails.application.config.content_security_policy_nonce_generator = ->(request) { request.session.id.to_s }
+# Rails.application.config.content_security_policy_nonce_generator = ->(request) { request.session.id.to_s }
 
 # Set the nonce only to specific directives
-Rails.application.config.content_security_policy_nonce_directives = %w[script-src]
+# Rails.application.config.content_security_policy_nonce_directives = %w[script-src]
 
 # Report CSP violations to a specified URI
 # For further information see the following documentation: