Allow OneTrust script in SAML group pages
@@ -2,8 +2,11 @@
Currently, the Cookie Preferences button in the SAML group pages is not displaying the cookie menu. This is caused by the following CORS problem:
Refused to connect to 'https://cdn.cookielaw.org/consent/7f944245-c5cd-4eed-a90e-dd955adfdd08/7f944245-c5cd-4eed-a90e-dd955adfdd08.json' because it violates the following Content Security Policy directive: "connect-src 'self' wss://gitlab.com https://sentry.gitlab.net https://new-sentry.gitlab.net https://collector.prd-278964.gl-product-analytics.com snowplow.trx.gitlab.net".
Adding the OneTrust content security policy header resolves the issue.
In addition, we set the preferred_language cookie so the language switcher doesn't crash.
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screen_Recording_2024-01-23_at_18.34.39
To check the issue, open the web console in Chrome and go to https://gitlab.com/groups/gitlab-com/-/saml/sso
To see it working locally (like in the movie above), one needs to enable SAML.
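An added example, not part of the merge request: a simplified `connect-src` matcher run against the directive quoted in the error message, showing why the OneTrust JSON request is refused and that it is accepted once the CDN host is listed. The source expression `https://cdn.cookielaw.org` and all function names are assumptions; matching covers scheme and host only.

```javascript
// Simplified CSP connect-src matching (scheme + host only; ports, paths and
// redirects are ignored). Illustrative, not GitLab's or a browser's code.
const PAGE_ORIGIN = "https://gitlab.com"; // origin of the SAML group page

// connect-src value copied from the error message quoted above.
const REPORTED = "'self' wss://gitlab.com https://sentry.gitlab.net " +
  "https://new-sentry.gitlab.net " +
  "https://collector.prd-278964.gl-product-analytics.com snowplow.trx.gitlab.net";

// Assumption: the fix lists the OneTrust CDN host; the exact source
// expression the MR adds is not shown on the page.
const PATCHED = REPORTED + " https://cdn.cookielaw.org";

// URL the browser refused to connect to, from the same error message.
const BLOCKED_URL = "https://cdn.cookielaw.org/consent/" +
  "7f944245-c5cd-4eed-a90e-dd955adfdd08/7f944245-c5cd-4eed-a90e-dd955adfdd08.json";

function hostMatches(pattern, host) {
  // "*.example.com" matches any subdomain, but not example.com itself.
  if (pattern.startsWith("*.")) return host.endsWith(pattern.slice(1));
  return pattern === host;
}

function sourceAllows(source, url, pageOrigin) {
  const target = new URL(url);
  const page = new URL(pageOrigin);
  if (source === "'none'") return false;
  if (source === "'self'") return target.origin === page.origin;
  if (source === "*") return ["http:", "https:", "ws:", "wss:"].includes(target.protocol);
  // Scheme-only source such as "https:".
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return target.protocol === source.toLowerCase();
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/i.exec(source);
  if (!m) return false;
  // A scheme-less source (snowplow.trx.gitlab.net) inherits the page's scheme.
  const scheme = (m[1] ? m[1].toLowerCase() : page.protocol.slice(0, -1)) + ":";
  return target.protocol === scheme && hostMatches(m[2].toLowerCase(), target.hostname);
}

// True when at least one source expression in the directive allows the URL.
function connectAllowed(directiveValue, url, pageOrigin = PAGE_ORIGIN) {
  return directiveValue.trim().split(/\s+/)
    .some((src) => sourceAllows(src, url, pageOrigin));
}
```

`connectAllowed(REPORTED, BLOCKED_URL)` is false and `connectAllowed(PATCHED, BLOCKED_URL)` is true, while the sources already in the directive keep working under both values.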