Fix #1010 (#1020)

* Fix #1010

* explicit csp for respective directives

* update csp in other webviews

ui/gist-selection/gist-selection.html

@@ -6,6 +6,10 @@
       name="viewport"
       content="width=device-width, initial-scale=1, shrink-to-fit=no"
     />
+    <meta
+      http-equiv="Content-Security-Policy"
+      content="default-src vscode-resource:; script-src 'unsafe-inline' vscode-resource:; style-src 'unsafe-inline' vscode-resource:;"
+    />
     <link
       rel="stylesheet"
       href="@PWD/ui/shared/vendor/bootstrap/css/bootstrap.min.css"

ui/landing-page/landing-page.html

@@ -6,6 +6,10 @@
       name="viewport"
       content="width=device-width, initial-scale=1, shrink-to-fit=no"
     />
+    <meta
+      http-equiv="Content-Security-Policy"
+      content="default-src vscode-resource:; script-src 'unsafe-inline' vscode-resource:; style-src 'unsafe-inline' vscode-resource:; img-src data: vscode-resource:;"
+    />
     <link
       rel="stylesheet"
       href="@PWD/ui/shared/vendor/bootstrap/css/bootstrap.min.css"

ui/settings/settings.html

@@ -6,7 +6,10 @@
       name="viewport"
       content="width=device-width, initial-scale=1, shrink-to-fit=no"
     />
-
+    <meta
+      http-equiv="Content-Security-Policy"
+      content="default-src vscode-resource:; script-src 'unsafe-inline' vscode-resource:; style-src 'unsafe-inline' vscode-resource:; img-src data: vscode-resource:;"
+    />
     <link
       rel="stylesheet"
       href="@PWD/ui/shared/vendor/bootstrap/css/bootstrap.min.css"