Add CSP headers for doc.wikimedia.org
The domain hosts static assets generated from source code, namely
documentation. Add some Content-Security-Policy headers to restrict what
is accessible to browsers.
The Content-Security-Policy content has been proposed by @Bawolff and
would certainly cause some havoc here and there. But we get the reports
logged and would then be able to finely tune it for our purpose.
Since the header value is rather long, split it using backslashes, as
explained in Apache 2.4 configuration: