Add missing csp directives configuration

[pgayvallet]

Follow-up of #94414

In #102059, we introduced csp.script_src, csp.worker_src and csp.style_src, as a replacement for csp.rules.

However, to totally get rid of csp.rules, we need to also add the other csp directive, to allow customers to configure them if required.

We don't necessarily need to support all directives, however this list should at least be implemented:

• connect-src
• default-src
• font-src
• frame-src
• img-src
• frame-ancestors
• report-uri
• report-to

frame-ancestors may be a tricky one, as it could potentially conflict with server.securityResponseHeaders.disableEmbedding. We may need to add validation between those two config properties

Also see #102059 (comment)

[elasticmachine]

Pinging @elastic/kibana-core (Team:Core)