chore: Fix google analytics csp policies
Closes #1183 (closed). Fixes our analytics setup.
The error:
Refused to load the script 'https://www.google-analytics.com/analytics.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
I found this answer on Stack Overflow as to why this is happening. It could be as simple as the order we're setting?
Edited by Jarek Ostrowski