Bug 1859605 Allow MNET remote peer to be included in CSP

When using Mahara preview from Moodle grading interface, this initiates
an MNET jump inside an iframe, which fails due to the remotewwwhost not
being specified inside the Content-Security-Policy. Mahara does make
this configurable, but not from inside the MNET workflow by default.

Change-Id: I26cd51f98e7b1880367eedadfaad41aad3a88138
behatnotneeded: Requires MNET to be configured