Feature Request: support for `manifest-src` CSP directive

[rccyx]

I think it would be nice to have a manifest source directive

Content-Security-Policy: manifest-src https://trusted.com https://also.trusted.com;