Security milestone, The first one

[Jack-Works]

Things to be done in this security milestone:

• [x] Block install scripts by default (#5731)
• [x] CVE-2021-42574 protection, should be done as a Webpack plugin. (#5443)
• [x] CVE-2021-42694 protection, same as above (#5443)
• [ ] ~~Stop using our proxy to Github packages to reduce the attack surface.~~
  • [ ] ~~Remove Circle CI?~~
• [ ] ~~Reproducible build by default~~
• [ ] ~~Compare tools for different builds~~
• [x] Enable SES lockdown (#5759)
• [ ] Enable CSP (#5770)
• [ ] Enable Trusted Types