Make enabling content_security_policy configurable via gdk.yml

What does this Merge Request do and why?

This MR adds the gitlab.rails.content_security_policy.enabled setting (enabled by default) along with accompanying gitlab/config/gitlab.yml template changes and assists with https://gitlab.com/gitlab-org/analytics-section/product-analytics/devkit#disable-cors.

Merge Request checklist

• This change is backward compatible. If not, please include steps to communicate to our users.
• Tests added for new functionality. If not, please raise Issue to follow-up.
• Documentation added/updated, if needed.
• gdk doctor test added, if needed.
• Add the ~highlight label if this MR should be included in the CHANGELOG.md.