chore: move Google font from CSP style-src

directive to font-src directive since Roboto font tag changed from
a text/css type to a font type

benefits/settings.py

@@ -353,12 +353,18 @@ def RUNTIME_ENVIRONMENT():
 CSP_STYLE_SRC = [
     "'self'",
     "'unsafe-inline'",
-    "https://fonts.googleapis.com/css",
     "https://cdn.jsdelivr.net/npm/[email protected]/dist/",
 ]
 env_style_src = _filter_empty(os.environ.get("DJANGO_CSP_STYLE_SRC", "").split(","))
 CSP_STYLE_SRC.extend(env_style_src)
 
+CSP_FONT_SRC = [
+    "'self'",
+    "https://fonts.googleapis.com/css",
+]
+env_font_src = _filter_empty(os.environ.get("DJANGO_CSP_FONT_SRC", "").split(","))
+CSP_FONT_SRC.extend(env_font_src)
+
 # Configuration for requests
 # https://requests.readthedocs.io/en/latest/user/advanced/#timeouts