Fix 0011826: All inline JavaScript now removed

The MantisBT code base is now free of inline JavaScript code. We can
therefore tighten Content-Security-Policy settings to disallow execution
of any inline JavaScript.

This is a major security milestone for browsers supporting
Content-Security-Policy (currently Firefox 4). In the event of a XSS bug
anywhere within MantisBT, JavaScript code can no longer be executed as
part of an XSS exploit. Firefox 4 users are therefore exposed to much
less risk - so much so that any future MantisBT XSS vulnerabilities will
likely be a non-issue.