Builds a working Content-Security-Policy header for a WordPress site. Two modes:
Content-Security-Policy
Output includes a Report-Only header to pilot with, plus copy-paste snippets for NGINX, Apache, Cloudflare Workers, and functions.php.