Refactor policy config to config entities

Problem/Motivation

With the possibility of specifying policies for more specific circumstances, moving each policy to its own config entity would keep config more manageable. csp.settings would remain for globally applied config.

✨ Provide different CSP policy for private files Active
#2868079: Add a default Content-Security-Policy-header for svg files →

Proposed resolution

Remaining tasks

User interface changes

API changes

Data model changes

Policy config would be stored in separate entities instead of under a key in csp.settings