doc: Document new CONTENT_SECURITY_POLICY_REPORT_ONLY env var

[frojd-trond-froding]

Also add documentation for the existing CONTENT_SECURITY_POLICY env var

Related open-webui pull request that adds the new reports only env var open-webui/open-webui#23575

[pr-validator-bot]

ℹ️ Documentation PR Guidelines

👋 Welcome! This is an automated message posted on all new documentation PRs to help guide our contributors. Just because this comment appeared doesn't mean you have done anything wrong!

Please ensure you're using the correct branches:

Target branch (where you're merging TO):

• dev branch: For documentation related to upcoming Open WebUI releases (new features, new environment variables, anything dependent on unreleased versions and unreleased features/fixes/changes)
• main branch: For content that can go live immediately (fixes, tutorials, documentation not dependent on unreleased features)

Source branch (where you're merging FROM):

• If targeting dev, create your branch from your fork's dev branch
• If targeting main, create your branch from your fork's main branch
• ⚠️ Mismatched branches can and will result in unwanted file changes being included in your PR!

If your docs PR depends on a pending PR in open-webui/open-webui:

• Convert this PR to DRAFT mode!
• Link to the related main repo PR in your description for clarity
• We'll review both together once the PR on the main repo is merged

Please adjust your PR target branch, source branch, and/or draft status accordingly if needed.