chore: Allow targetting locally running backend

[akshaymankar]

Description

http://localhost:4570 serves the fake S3 service when running backend locally. So it needs to be part of connect-src in the CSP header.

The backend doesn't run with TLS for client API locally, so it needs to be connected to without TLS. If the webapp server runs on TLS, the websocket connection is automatically upgraded to TLS too, so the webapp server also needs to run without TLS.

Finally there were some CSP issues when running webapp server on runs on http://local.zinfra.io:8081, moving it to http://localhost:8081 fixes it. I am not sure what this one is.

Screenshots/Screencast (for UI changes)

Checklist

• PR has been self reviewed by the author;
• Hard-to-understand areas of the code have been commented;
• If it is a core feature, unit tests have been added;

Important details for the reviewers

(Delete this section if unnecessary)

• can be reviewed commit-by-commit

[codecov-commenter]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 46.46%. Comparing base (be2c022) to head (818fa89).
Report is 2 commits behind head on dev.

Additional details and impacted files

@@           Coverage Diff           @@
##              dev   #17844   +/-   ##
=======================================
  Coverage   46.46%   46.46%           
=======================================
  Files         770      770           
  Lines       25133    25133           
  Branches     5744     5745    +1     
=======================================
  Hits        11677    11677           
  Misses      11986    11986           
  Partials     1470     1470           

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

[tlebon]

thanks for supporting the web team, we are hiring ;)