Add CSP to all responses
Describe the problem
It seems that now CSP headers are added only to HTML responses. However, probably some CSP should also be added to other responses.
https://stackoverflow.com/questions/68886438/why-should-we-include-csp-headers-in-the-http-response-for-an-api
https://cheatsheetseries.owasp.org/cheatsheets/REST_Security_Cheat_Sheet.html#security-headers
Describe the proposed solution
Kit can add frame-ancestors "none" on its own if CSP is enabled.
Or you can write about it in the documentation so that the user can add it himself.
Alternatives considered
No response
Importance
nice to have
Additional Information
No response
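One way a user could add the header themselves today is a server `handle` hook, shown here as an added example that is not part of the original issue and is not SvelteKit's own code. The helper name `withFallbackCsp` and the constant `FALLBACK_CSP` are assumptions made for illustration; in a real project `handle` would be exported from `src/hooks.server.js`.

```javascript
// Policy for responses that are never meant to be rendered or framed
// (JSON endpoints, redirects, binary downloads).
const FALLBACK_CSP = "frame-ancestors 'none'";

// Hypothetical helper: returns the response unchanged when it is HTML
// (the framework's own CSP handling covers it) or when an endpoint has
// already set its own policy; otherwise returns a copy with the fallback.
function withFallbackCsp(response) {
  const type = (response.headers.get('content-type') ?? '').toLowerCase();
  if (type.startsWith('text/html')) return response;
  if (response.headers.has('content-security-policy')) return response;

  // Headers of some responses (for example ones returned by fetch) are
  // immutable, so copy them instead of calling set() on the original.
  const headers = new Headers(response.headers);
  headers.set('content-security-policy', FALLBACK_CSP);

  return new Response(response.body, {
    status: response.status,
    statusText: response.statusText,
    headers
  });
}

// SvelteKit server hook; add `export` when placing this in src/hooks.server.js.
async function handle({ event, resolve }) {
  const response = await resolve(event);
  return withFallbackCsp(response);
}
```
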