security: tighten CSP (`connect-src`)
Besides WebRTC, currently we only connect to the broker and the server, so only allowing the extension to connect to those servers should improve security.
Later, if/when we allow to connect to any address (e.g. snowflake#40166), we may keep the CSP to only allow
wss: connections, and
Also need to keep configurability in mind, i.e. if users want to switch to a custom broker/relay.