Content Security Policy: frame-src has been deprecated

Summary

We currently set frame-src in our content security policy as seen here.

frame-src has been deprecated as seen here.

Instead we should use child-src

Improvements

Risks

Involved components

Optional: Intended side effects

Optional: Missing test coverage