Add GOVUK domains to script src CSP

The assets domain can't POST to the feedback form without this.

lib/govuk_app_config/govuk_content_security_policy.rb

@@ -51,6 +51,7 @@ def self.build_policy(policy)
     policy.script_src :self,
                       *GOOGLE_ANALYTICS_DOMAINS,
                       *GOOGLE_STATIC_DOMAINS,
+                      *GOVUK_DOMAINS,
                       # Allow YouTube Embeds (Govspeak turns YouTube links into embeds)
                       "*.ytimg.com",
                       "www.youtube.com",