Fix for favicon (Content Security Policy)

Closes no issue

What does this MR do?

Refused to load manifest from 'http://localhost:18080/site.webmanifest' because it violates the following Content Security Policy directive: "default-src 'none'". Note that 'manifest-src' was not explicitly set, so 'default-src' is used as a fallback.

How confident are you it won't break things if deployed?

(be honest!)

Links to related issues

https://yunity.slack.com/archives/C1T1ZM9A4/p1604326885115400 https://gitlab.com/foodsharing-dev/foodsharing-beta-testing/-/issues/32#note_436388885

Checklist

• added a test, or explain why one is not needed/possible...
• no unrelated changes
• asked someone for a code review
• set a "for:" label to indicate who will be affected by this change
• use "state:" labels to track this MR's state until it was beta tested
• added an entry to CHANGELOG.md
• add a short text that can be used in the release notes
• Once your MR has been merged, you are responsible to create a testing issue in Beta Testing Repo:
  • Consider writing a detailed description in German.
  • Describe in a few sentences, what should be tested from a user perspective.
  • Also mention different settings (e.g. different browsers, roles, ...). how this change can be tested.
  • Be aware, that also non technical people should understand.