make the web ui more to chrome's liking

[moneromooo-monero]

chrome does not like setting innerHTML, because it might be vulnerable to injection, but since we don't add user controlled data, we're fine

require-trusted-types-for 'script'; trusted-types default; needs adding to Content-Security-Policty, see:

https://stackoverflow.com/questions/62810553

[jtgrassie]

Interesting. Pretty sure this will need to be a child of <head> (not <html>), to pass validation though.

[moneromooo-monero]

Confirmed to work after the move.