MediaApp: Allow CSS files sourced from chrome-untrusted://media-app/*.

dark_cros_styles.css, which contains the EA semantic colors for dark
mode, was being shipped with the media app SWA package without being
linked in the HTML. The fix for this was to dynamically link the CSS in
index.ts instead, but this violates the existing SWA CSP.

Fix by updating the CSP to allow styles sourced from the 'self' source,
which should allow everything from chrome-untrusted://media-app/*.

Bug: b/166688012
Change-Id: I1a141b324470586e02418c6aa872ca3800403a88
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2379440
Commit-Queue: Patti <patricialor@chromium.org>
Auto-Submit: Patti <patricialor@chromium.org>
Reviewed-by: Trent Apted <tapted@chromium.org>
Cr-Commit-Position: refs/heads/master@{#803764}

chromeos/components/media_app_ui/media_app_guest_ui.cc

@@ -59,7 +59,8 @@ content::WebUIDataSource* CreateMediaAppUntrustedDataSource(
       network::mojom::CSPDirectiveName::ImgSrc, "img-src blob: data: 'self';");
   // Allow styles to include inline styling needed for Polymer elements.
   source->OverrideContentSecurityPolicy(
-      network::mojom::CSPDirectiveName::StyleSrc, "style-src 'unsafe-inline';");
+      network::mojom::CSPDirectiveName::StyleSrc,
+      "style-src 'self' 'unsafe-inline';");
   // TODO(crbug.com/1098685): Trusted Type remaining WebUI.
   source->DisableTrustedTypesCSP();
   return source;