Pull Request for Issue #30963 cc @PhilETaylor

Summary of Changes

This does a few things:

• It fixes: #30963 by makeing sure our csp reporter endpoint catches wird browser behavior (like the one by Safari)
• It makes sure that you can only pass valid directives in the reporter
• It only allows valid directives configured in the backend
• It make sure that "none-value" directives are handled corrrectly.
• It makes sure the reporting endpoint can only be triggered when CSP is enabled & w are in detect mode
• It makes sure only site and administrtator are valid values for the client setting
• It makes sure every report is only added once by locking the table

Testing Instructions

First test

• Setup a clean instance
• apply this patch
• go to com_csp and enable detect mode
• run the site in detect mode and navigate around.
• got to com_csp again and check the reports
• enable all reports
• set the csp mode to auto
• check the frontend and make sure the header is set correctly

Seccond test

• Set the com_csp mode to custom
• setup some directives
• make sure they land correctly in csp header

Actual result BEFORE applying this Pull Request

There was to less validation in the CSP reporter endpoint.

Expected result AFTER applying this Pull Request

There is now much more validation in the CSP Reporter as well as checking for different browser behavior.

Documentation Changes Required

None.