Remove 'unsafe-eval' from CSP

[fregante]

'unsafe-eval' is not allowed in MV3’s manifest:

Dropping it resurfaces:

• Error thrown on Custom form submit #2946

Tasks

• Support RJSF Schema validation in strict CSP #3059
• Make all code related to Nunjucks asynchronous #4730
• Move template engine and brick evaluation to Chrome sandbox #105

Our options

1. Get RJSF to add support for an eval-less validation library (either by asking nicely or by submitting as PR). We use: npmjs.com/package/@cfworker/json-schema. (I had actually looked at AJV previously but didn't use it because of eval)
2. Move schema validation to the Chrome sandbox: Move template engine and brick evaluation to Chrome sandbox #105. This also would probably require modifying RJSF to support a custom validation function. This approach is nice because it also makes sense to move Nunjucks and JQ over there
3. Modify AJV to not require Function

[fregante]

I think this is already covered by our webpack MV3 upgrade script:

pixiebrix-extension/webpack.config.js

Line 171 in cc77c21

policy.remove("script-src", "'unsafe-eval'");

Once the RJSF fix is done, this won't require further changes.