fix(security): block unsafe inline stylesheets

Removes 'unsafe_inline' from the style_src nginx directive to prevent
inline stylesheets from being loaded.

See https://ghe/HMDA-Operations/hmda-devops/issues/4529
Fixes #2480

Author: contolini

nginx/nginx.conf

@@ -30,7 +30,7 @@ http {
   "default-src 'self' blob:; 
   script-src 'self' 'nonce-$request_id' blob: data: https://dap.digitalgov.gov https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://*.cfpb.gov https://www.consumerfinance.gov https://*.mouseflow.com; 
   img-src 'self' blob: data: https://www.googletagmanager.com https://www.google-analytics.com https://raw.githubusercontent.com; 
-  style-src 'self' 'unsafe-inline'; 
+  style-src 'self';
   font-src 'self' data:; 
   object-src 'none'; 
   frame-src 'self' https://www.youtube.com/ https://ffiec.cfpb.gov/;