GitLab for Jira app: Fix content security policy problems

This is a part of the epic to make the GitLab for Jira app available for self-managed (&5650 (closed))

GitLab SaaS will act as a proxy for a self-managed instance and therefore will have to call a few endpoints. To allow this, they need to be added to the content security policy. We already did this with /-/jira_connect/oauth_application_id here.

In addition to this, we need to allow

• /-/jira_connect/*
• /api/*

On the self-managed side, we need to add /-/jira_connect/subscriptions to allowed origins in application.rb