Add CSP overrides for the import page.

What does this MR do?

Allows Google, GitHub, GitLab, Bitbucket, and a few other sources in the Content Security Policy, for importing and login purposes.

Are there points in the code the reviewer needs to double check?

Not that I know of. Maybe that LDAP/SAML won't cause CSP warnings?

Why was this MR needed?

OAuth login through Google, GitHub, GitLab, Bitbucket, etc. as well as importing from those sources was causing CSP violation reports after !4770 (merged) was merged.