static ACCOUNT_CSP: &[&str]Expand description
CSP for account-management HTML pages. The global CSP has form-action 'none' and sandbox (which both block form submission).
SetResponseHeaderLayer::if_not_present means our header takes precedence.
Styles are served from /_tuwunel/oidc/account.css so style-src 'self'
suffices.