Fix YouTube remarkup rule being blocked by Content-Security-Policy header

Summary: Ref T13116. See PHI526. Currently, the YouTube remarkup rule writes an `<iframe ...>` but does not adjust the Content-Security-Policy appropriately.

Test Plan: Pasted a YouTube link; viewed it in Safari, Chrome and Firefox.

Maniphest Tasks: T13116

Differential Revision: https://secure.phabricator.com/D19277

src/infrastructure/markup/rule/PhabricatorYoutubeRemarkupRule.php

@@ -52,4 +52,9 @@ final class PhabricatorYoutubeRemarkupRule extends PhutilRemarkupRule {
     return $this->getEngine()->storeText($iframe);
   }
 
+  public function didMarkupText() {
+    CelerityAPI::getStaticResourceResponse()
+      ->addContentSecurityPolicyURI('frame-src', 'https://www.youtube.com/');
+  }
+
 }