CSP types need to be more flexible

[jimsimon]

Helmet allows the CSP directives object to contain arbitrary key-value pairs. The current typings for koa-helmet don't reflect this, so trying to do the following results in a type error:

app.use(helmet.contentSecurityPolicy({
  directives: {
    manifestSrc: ["'self'"]
  }
}));

There are several other missing directives, so it might make the most sense to just make this type definition more flexible instead of trying to maintain the list of possible options (that's what the underlying helmet library did helmetjs/helmet#328).