ci(caddy): update Content-Security-Policy for Google Fonts and scripts

Updated the Content-Security-Policy header to include Google Fonts and Google Analytics domains:
- Added `https://www.gstatic.com` to `script-src`, `script-src-elem`, `img-src`, and `font-src` directives
- Removed duplicate `script-src` and `style-src` entries in the policy
- Ensured all relevant directives properly include the new domains

flutter/Caddyfile

@@ -2,7 +2,7 @@
     root * /usr/share/caddy
 
     header {
-        Content-Security-Policy "default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; font-src 'self' data:; connect-src 'self' https: http: ws: wss:; worker-src 'self' blob:"
+        Content-Security-Policy "default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' https://www.gstatic.com; script-src-elem 'self' 'unsafe-inline' https://www.gstatic.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https://www.gstatic.com; font-src 'self' data: https://www.gstatic.com; connect-src 'self' https: http: ws: wss:; worker-src 'self' blob:;" script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; font-src 'self' data:; connect-src 'self' https: http: ws: wss:; worker-src 'self' blob:"
     }
 
     @staticAssets {
@@ -25,12 +25,12 @@
     handle /api/* {
         reverse_proxy recipe-api:8080
     }
-
+
-    # SPA-routing – returnera alltid index.html för okända paths
+    # SPA-routing – returnera alltid index.html för okända paths
-    handle {
+    handle {
-        try_files {path} /index.html
+        try_files {path} /index.html
-        file_server
+        file_server
-    }
+    }
-
+
-    encode gzip
+    encode gzip
-}
+}