Removed Google Analytics and Google Tag Manager domains from the Content Security Policy headers to disable tracking and analytics functionality on the CRM application. This change affects both the main CSP header and the legacy X-Content-Security-Policy header for backward compatibility.
Added PATCH to the list of allowed HTTP methods in the API location block to support partial updates to resources. This aligns with RESTful API conventions and enables clients to modify specific fields without sending a full resource representation.
- Added `https://cdn.jsdelivr.net` to the `connect-src` directive in both Content-Security-Policy and X-Content-Security-Policy headers to allow connections to the CDN.
- Removed the duplicate Content-Security-Policy meta tag from the frontend/index.html file to avoid redundancy and potential conflicts.
