Allows CSP without a report-uri
What does this MR do?
It allows us to configure the site to have a CSP without the report-uri part.
This is because we have found that the CSP reports cause 87% of our Sentry quota and are of very little value (a lot of weird/random domains).
Previously, if removing CSP_REPORT_URI from the settings, it would cause it to stop sending CSP header entirely. Now, it will still send CSP header, just no report-uri part.
How confident are you it won't break things if deployed?
Should all be good! We have CSP_REPORT_URI set for beta/prod, so should be no change on deployment.
Links to related issues
Checklist
- added a test, or explain why one is not needed/possible... erm... sorry I was lazy...
- no unrelated changes
- asked someone for a code review
- joined #foodsharing-beta channel at https://slackin.yunity.org
- added an entry to CHANGELOG.md (description, merge request link, username(s))
- Once your MR has been merged, you are responsible to update the #foodsharing-beta Slack channel about what has been changed here. They will test your work in different browsers, roles or other settings
Edited by Chris Oelmueller
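The behaviour change described in this merge request, as an added Python example that is not part of the merge request or the project's code: it models the header before and after the change and checks a response's headers against the configured reporting state. Only the setting name CSP_REPORT_URI comes from the page; the function names, the sample directives and the report URL are assumptions constructed for illustration.

```python
# Illustration only: every name except the CSP_REPORT_URI setting is hypothetical.
BASE_POLICY = {  # constructed sample directives, not the site's real policy
    "default-src": ["'self'"],
    "img-src": ["'self'", "data:"],
}

def build_csp_after(report_uri):
    """Behaviour after the change: always emit the policy; report-uri is optional."""
    directives = dict(BASE_POLICY)
    if report_uri:
        directives["report-uri"] = [report_uri]
    return "; ".join(" ".join([name, *values]) for name, values in directives.items())

def build_csp_before(report_uri):
    """Behaviour before the change: an unset report URI dropped the whole header."""
    return build_csp_after(report_uri) if report_uri else None

def parse_csp(value):
    """Split a header value into {directive: [sources]}; names are
    case-insensitive and a repeated directive is ignored (first one wins)."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def check_response(headers, expect_reporting):
    """Return a list of problems found in one response's headers."""
    by_name = {name.lower(): value for name, value in headers.items()}
    value = by_name.get("content-security-policy")
    if value is None:
        return ["Content-Security-Policy header missing"]
    policy = parse_csp(value)
    problems = []
    if not any(name != "report-uri" for name in policy):
        problems.append("header carries no enforcing directive")
    if ("report-uri" in policy) != expect_reporting:
        problems.append("report-uri presence does not match configuration")
    return problems

if __name__ == "__main__":
    for uri in ("", "https://csp-reports.example.invalid/"):  # constructed values
        for build in (build_csp_before, build_csp_after):
            header = build(uri)
            headers = {"Content-Security-Policy": header} if header else {}
            print(build.__name__, repr(uri), check_response(headers, bool(uri)))
```

Run against an environment where CSP_REPORT_URI is unset, a check of this shape flags the old behaviour (no header at all) and passes the new one (policy present, no report-uri).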