feat: Add Content Security Policy header and move Plausible script to HTML head with beforeInteractive strategy.

app/layout.tsx

@@ -35,13 +35,15 @@ export default function RootLayout({
 }>) {
   return (
     <html lang="en">
-      <body className={`${geistSans.variable} ${geistMono.variable}`}>
+      <head>
         <Script
           defer
           data-domain="hoerdle.elpatron.me"
           src="https://plausible.elpatron.me/js/script.js"
-          strategy="afterInteractive"
+          strategy="beforeInteractive"
         />
+      </head>
+      <body className={`${geistSans.variable} ${geistMono.variable}`}>
         {children}
         <InstallPrompt />
         <AppFooter />