Update security headers

[maximilianoertel]

Proposed changes

This PR updates the security headers configured in the firebase.json file, primarily to improve the Content Security Policy (CSP) for the ROAR Dashboard.

Initially, the updated CSP will be deployed in a report-only mode with reporting to Sentry. This will allow us to test and monitor the proposed CSP changes, and identify any potential issues or violations before promoting the changes to a strict enforcement mode.

For local development, the Vite dev server parses the staging configuration and injects the CSP with strict enforcement in order to identify issues early in the development lifecycle.

Types of changes

• Bugfix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Refactoring (non-breaking change that does not add functionality but makes code cleaner or more efficient)
• Documentation Update
• Tests (new or updated tests)
• Style (changes to code styling)
• CI (continuous integration changes)
• Repository Maintenance
• Other (please describe below)

Checklist

• I have read the guidelines for contributing.
• The changes in this PR are as small as they can be. They represent one and only one fix or enhancement.
• Linting checks pass with my changes.
• Any existing unit tests pass with my changes.
• Any existing end-to-end tests pass with my changes.
• I have added tests that prove my fix is effective or that my feature works.
• If this PR fixes an existing issue, I have added a unit or end-to-end test that will detect if this issue reoccurs.
• I have added JSDoc comments as appropriate.
• I have added the necessary documentation to the roar-docs repository.
• I have shared this PR on the roar-pr-reviews channel (if I have access)
• I have linked relevant issues (if any)

Justification of missing checklist items

n/a

Further comments

n/a

Ref https://github.com/yeatmanlab/roar-project-management/issues/438

[github-actions]

Coverage Report

Status	Category	Percentage	Covered / Total
🔵	Lines	Unknown%	0 / 0
🔵	Statements	Unknown%	0 / 0
🔵	Functions	Unknown%	0 / 0
🔵	Branches	Unknown%	0 / 0

File Coverage

No changed files found.

Generated in workflow #1200 for commit 8dc3444 by the Vitest Coverage Report Action

[cypress]

roar-dashboard-e2e    Run #10276

Run Properties:   Passed #10276  •  8dc344456c: E2E Tests for PR 998 "Update security headers" from commit "8dc344456c62807f411f...

Project	roar-dashboard-e2e
Branch Review	enh/438/security-headers
Run status	Passed #10276
Run duration	03m 46s
Commit	8dc344456c: E2E Tests for PR 998 "Update security headers" from commit "8dc344456c62807f411f...
Committer	Maximilian Oertel
View all properties for this run ↗︎

---

Test results
Failures	0
Flaky	0
Pending	0
Skipped	0
Passing	14
View all changes introduced in this branch ↗︎

[github-actions]

Visit the preview URL for this PR (updated for commit 8dc3444):

https://roar-staging--pr998-enh-438-security-hea-7h2prpsc.web.app

_{(expires Tue, 21 Jan 2025 23:51:48 GMT)}

_{🔥 via Firebase Hosting GitHub Action 🌎}

_{Sign: 2631e9c58fd0104ecbfddd72a62245ddac467460}