Fix CSP for dapps that require eval. (#7867)

* Add allowJsEval to manifest.

* Enable 'unsafe-eval' if requested in manifest.

dapps/src/handlers/content.rs

@@ -82,7 +82,7 @@ impl Into<hyper::Response> for ContentHandler {
 			.with_status(self.code)
 			.with_header(header::ContentType(self.mimetype))
 			.with_body(self.content);
-		add_security_headers(&mut res.headers_mut(), self.safe_to_embed_on);
+		add_security_headers(&mut res.headers_mut(), self.safe_to_embed_on, false);
 		res
 	}
 }