fix gdpr issues

[msramalho]

From this comment

As for GDPR: you need explicit Consent if the underlying iframe sets cookies. some embeds have a noCookie param or domain in which case you don't. Telegram and Twitter both set cookies so you need consent here. All external data connections need to be documented in a privacy policy. Anything making a connection to a service not owned by Bellingcat would need to be documented here. This includes stuff like Google Fonts (yes, really). This also includes 3rd iframe embeds that do not set cookies as they might still log a user's IP. The use of the injected Google TagManager script w/o consent is a direct violation of GDPR as well.

We need to have a standard consent overlay when 1st visiting the platform. This overlay should not appear when ?cover=false.