Move default-src CSP rule to ClassProvider

It was impossible to override the default-src CSP rule inside a plugin. This commit
fixes this limitation by moving the assignation of the rule from Response class to
ClassProvider.

app/Core/Http/Response.php

@@ -220,7 +220,6 @@ class Response extends Base
      */
     public function csp(array $policies = array())
     {
-        $policies['default-src'] = "'self'";
         $values = '';
 
         foreach ($policies as $policy => $acl) {

app/ServiceProvider/ClassProvider.php

@@ -168,6 +168,7 @@ class ClassProvider implements ServiceProviderInterface
         };
 
         $container['cspRules'] = array(
+            'default-src' => "'self'",
             'style-src' => "'self' 'unsafe-inline'",
             'img-src' => '* data:',
         );