Add a CSP header for all responses that prohibits using inline JS

Migrate all code in Sealious Playground to either use stimulus controllers for their attached JS. When it's necessary to use inline JS, use the solution from the subtask of this task

If you encounter any code outside of Sealious Playground that needs migrating to not use inline code, please flag it and we'll create a separate task for that