Add Content Security Policy Header Tag (#1379)

* Add Content Security Policy Header Tag

* Update CSP for connect-src with https, wss

public/index.html

@@ -62,7 +62,10 @@
     />
     <!-- OG tags require absolute url for images -->
     <meta name="twitter:image" content="https://excalidraw.com/og-image.png" />
-
+    <meta
+      http-equiv="Content-Security-Policy"
+      content="block-all-mixed-content; child-src 'none'; connect-src https: wss:; default-src 'self'; font-src 'self' data: https: filesystem:; img-src 'self' data: https:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https:;"
+    />
     <link rel="shortcut icon" href="favicon.ico" type="image/x-icon" />
     <link rel="stylesheet" href="fonts.css" />
     <link