Add a content security policy for the KaiOS app

This is for defence in depth against security holes either in Puzzles or
in the KaiAds API.  I haven't found any documentation of what KaiAds'
CSP requirements are, but allowing scripts and frames from *.kaiads.com
seems to be enough to let the test adverts work.

kaios/manifest.pl

@@ -66,5 +66,10 @@ print JSON::PP->new->canonical->encode({
             description => "Required to display advertisements"
         },
     },
+    csp => "default-src 'self';
+            script-src  'self' https://*.kaiads.com;
+            style-src   'self' 'unsafe-inline';
+            frame-src   'self' https://*.kaiads.com;
+            img-src     'self' data:;"               =~ s/\s+/ /gr,
     $decvers ? (version => $decvers) : (),
 })