feat: Accomodate Paypal's CAPTCHA

When Paypal wants to ensure that I'm a human instead of a robot, it attempts to embed content from hcaptcha.com in the pop-up window it uses for user sign-in, transaction confirmation, etc. The CSP defined in templates/meta.html doesn't allow for this unless we explicitly whitelist hcaptcha.com. If we don't do this, then whenever Paypal wants to issue a human-or-robot challenge, its pop-up never fully renders and the page has to be reloaded for a transaction to occur. Henceforth, this MR adds hcaptcha.com to the relevant CSP definitions which would allow it to render.