fix: add additional content security policy reccomendations

[vietle-aws]

Commit summary:

feat: add content security policy reccomendations to requests without csp

Description of changes:

• Adding "frame-ancestors 'self'; report-uri /jupyter/default/api/security/csp-report; default-src 'none'; upgrade-insecure-requests; base-uri 'none'" to content security policy
• Upgrading to 0.3.5

Why:

• These are security enhancements for aws-jupyter-proxy client/server interactions
• upgrade-insecure-requests; Replace insecure traffic (served over HTTP) with secure traffic
• base-uri 'none'; Restricts the URLs which can be used in a document's element

Verification:

• Run python -m build on master branch of https://github.com/danpilgrim-aws/aws-jupyter-proxy to produce .whl file
• Verify it is commit e9e1500
• Install the new version of aws-jupyter-proxy in studio by following the steps similar to those in https://quip-amazon.com/R23FATWP96c5/AXIS-M8-BugBash#temp:C:cbB5891fd28f26a4c29ba944033f to install the 0.3.4 build .whl file.

pip uninstall aws_jupyter_proxy -y
pip install aws_jupyter_proxy-0.3.5-py3-none-any.whl
nohup supervisorctl -c /etc/supervisor/conf.d/supervisord.conf restart jupyterlabserver > /dev/null 2>&1 &

• Use pip list to verify aws_jupyter_proxy-0.3.5 is installed
• Make a network call through Axis without Content-Security-Policy header specified and the call will have a content security policy specified when returned

[pilgd-aws]

Reviewed and approved. LGTM