Update CSP configuration for Arkose integration
What does this MR do and why?
Implements https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/860.
Update CSP configuration for Arkose integration so it fulfills the requirement for the new Iframe-less Client API (CAPI).
From Arkose:
Iframe-less Client API enables enhanced detection capabilities while improving both security and data collection. It also introduces improvements in latency performance.
Specific CSP updates are required to enable the Iframe-less CAPI. ... We kindly ask that these changes be made within the next 30 days to ensure a smooth transition and continued access to the latest detection improvements.
This MR adds Arkose host value to the `connect-src` CSP directive as described in https://developer.arkoselabs.com/docs/domain-policy. It also updates the specs to ensure existing `style-src` CSP directive has `'unsafe-inline'` value.
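An added example (not code from this merge request or from GitLab): a Ruby check that a Content-Security-Policy header value meets the two requirements the description names, including the `default-src` fallback and the case where a nonce or hash makes the browser ignore `'unsafe-inline'`. `ARKOSE_HOST` is a constructed placeholder because the page does not give the real host, the helper names are hypothetical, and source matching is simplified to exact strings.

```ruby
# Constructed placeholder: the real Arkose host is not given on this page.
ARKOSE_HOST = "https://arkose.example.invalid"

# Fetch directives that fall back to default-src when absent
# (the style-src-elem / style-src-attr chains are out of scope here).
FALLBACK_TO_DEFAULT = %w[connect-src style-src script-src img-src frame-src].freeze

# Parse a Content-Security-Policy header value into { directive => [sources] }.
def parse_csp(header)
  header.split(";").each_with_object({}) do |part, policy|
    name, *sources = part.strip.split(/\s+/)
    next if name.nil?
    # Per the CSP spec a repeated directive is ignored; the first one wins.
    policy[name.downcase] ||= sources
  end
end

# Source list the browser actually enforces for a directive (nil = unrestricted).
def effective_sources(policy, directive)
  return policy[directive] if policy.key?(directive)
  FALLBACK_TO_DEFAULT.include?(directive) ? policy["default-src"] : nil
end

# Returns a list of problems; an empty list means both requirements are met.
def arkose_csp_problems(header, host: ARKOSE_HOST)
  policy = parse_csp(header)
  problems = []

  connect = effective_sources(policy, "connect-src")
  # Simplification: exact-string match, plus the bare "*" wildcard.
  if connect && !connect.include?(host) && !connect.include?("*")
    problems << "connect-src does not allow #{host}"
  end

  style = effective_sources(policy, "style-src")
  if style
    if !style.include?("'unsafe-inline'")
      problems << "style-src lacks 'unsafe-inline'"
    elsif style.any? { |s| s.match?(/\A'(nonce-|sha(256|384|512)-)/i) }
      # Browsers ignore 'unsafe-inline' when a nonce or hash source is present.
      problems << "style-src 'unsafe-inline' is ignored because a nonce or hash is present"
    end
  end
  problems
end
```
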
Activity
added feature::enhancement group::anti-abuse type::feature labels
assigned to @eugielimpin
changed milestone to %17.5
added devops::govern section::sec labels
added pipeline::tier-1 label
2 Warnings
- e5fc0b80: Commits that change 30 or more lines across at least 3 files should describe these changes in the commit body. For more information, take a look at our Commit message guidelines.
- feature::addition and feature::enhancement merge requests normally have a documentation change. Consider adding a documentation update or confirming the documentation plan with the Technical Writer counterpart.
For more information, see:
- The Handbook page on merge request types.
- The definition of done documentation.
1 Message
- CHANGELOG missing: If this merge request needs a changelog entry, add the `Changelog` trailer to the commit message you want to add to the changelog. If this merge request doesn't need a CHANGELOG entry, feel free to ignore this message.
Reviewer roulette
| Category | Reviewer | Maintainer |
|---|---|---|
| backend | @tyleramos (UTC-4, 12 hours behind author) | @theoretick (UTC-7, 15 hours behind author) |
| test for spec/features/* | @hmuralidhar (UTC+10, 2 hours ahead of author) | Maintainer review is optional for test for spec/features/* |
Please refer to documentation page for guidance on how you can benefit from the Reviewer Roulette, or use the GitLab Review Workload Dashboard to find other available reviewers.
If needed, you can retry the `danger-review` job that generated this comment.
Generated by Danger
Edited by Ghost User
Bundle size analysis [beta]
This compares changes in bundle size for entry points between the commits 0f1c9f97 and 331a9214
Special assets
| Entrypoint / Name | Size before | Size after | Diff | Diff in percent |
|---|---|---|---|---|
| average | 4.35 MB | 4.35 MB | - | 0.0 % |
| mainChunk | 3.3 MB | 3.3 MB | - | 0.0 % |
Note: We do not have exact data for 0f1c9f97. So we have used data from: f8aaad11.
The intended commit has no webpack pipeline, so we chose the last commit with one before it.
Please look at the full report for more details.
Read more about how this report works.
Generated by Danger
Generated by gitlab_quality-test_tooling.
Slow tests detected in this merge request. These slow tests might be related to this merge request's changes.
| Job | File | Name | Duration | Expected duration |
|---|---|---|---|---|
| #7924623516 | spec/features/admin/users/users_spec.rb#L177 | Admin::Users GET /admin/users when blocking/unblocking a user shows confirmation and allows blocking and unblocking | 65.78 s | < 50.13 s |
| #7956372244 | spec/features/admin/users/users_spec.rb#L177 | Admin::Users GET /admin/users when blocking/unblocking a user shows confirmation and allows blocking and unblocking | 66.8 s | < 50.13 s |
| #7971755860 | spec/features/admin/users/users_spec.rb#L177 | Admin::Users GET /admin/users when blocking/unblocking a user shows confirmation and allows blocking and unblocking | 65.81 s | < 50.13 s |
| #7971765966 | spec/features/admin/users/users_spec.rb#L177 | Admin::Users GET /admin/users when blocking/unblocking a user shows confirmation and allows blocking and unblocking | 66.77 s | < 50.13 s |
Edited by Ghost User
- A deleted user
added rspec:slow test detected label
added 1 commit
- 1d17e535 - Use unsafe-inline value for style-src CSP directive
- Resolved by Eugie Limpin
added workflow::in review label