fix(scp): Tighten CSP against object-src

Add more strict `object-src 'none';` for old browsers.

Signed-off-by: Gaurav Mishra <mishra.gaurav@siemens.com>

Author: GMishx

next.config.ts

@@ -20,7 +20,9 @@ const csp = `
   img-src 'self' data: https://secure.gravatar.com https://www.gravatar.com;
   font-src 'self' data:;
   connect-src 'self' https://www.gravatar.com${isDev ? ' http://localhost:*' : ''};
+  object-src 'none';
   frame-ancestors 'self';
+  require-trusted-types-for 'script';
 `
     .replace(/\s{2,}/g, ' ')
     .trim()