Add setting to not use inline JS for CSP #4

@muffinresearch

I'm using a custom template for Olympia but it might be nice to add a conditional to not have the various inline script output in the templates for users that are going to have CSP enabled.

Also, the FAQ for reCAPTCHA mentions the settings for CSP. The docs could mention that reCAPTCHA v2 is required for CSP support (so using the HumanCaptchaField (should this be called NoCaptchaField?) for this) and what the settings are: see https://developers.google.com/recaptcha/docs/faq#im-using-content-security-policycsp-on-my-website-how-can-i-configure-it-to-work-with-recaptcha for what the CSP header settings need to include.

You might also want to point people to using the nocaptcha stuff (reCAPTCHA v2) by default since afaik it's superseded v1.
