DEV: Remove blob: workers from CSP (#10440)

Ace editor is reconfigured to load workers directly from their JS URL. Workers must be on the same origin as the site, so they will not use the CDN.

lib/content_security_policy/default.rb

@@ -63,8 +63,7 @@ class ContentSecurityPolicy
 
     def worker_src
       [
-        "'self'",
-        "blob:",
+        "'self'", # For service worker
         *script_assets(worker: true)
       ]
     end