Check for implications and alternatives of `unsafe-inline`

[JakobMiesner]

Initially discussed here

We use "style-src" : {"'unsafe-inline'"} in our APP_DEFAULT_SECURE_HEADERS.
This happens for all invenio products.
This is potentially dangerous and we should check for implications (in regards to XSS) and alternatives for this.

rdm cookiecutter
https://github.com/inveniosoftware/cookiecutter-invenio-rdm/blob/4e50881575614e68ef5494af7237687831e583f5/%7B%7Bcookiecutter.project_shortname%7D%7D/invenio.cfg#L60C4-L60C5

cds rdm
https://github.com/CERNDocumentServer/cds-rdm/blob/c666912ed2ce990a59fedc3951db14014c609835/invenio.cfg#L109