Improve Content Security Policy Description
Describe the bug
The Content Security Policy Plugin description could use some tweaking to help users understand what it's doing and/or alerting on. The evidence provided is showing the existing CSP, but when it alerts, it's unclear that it's trying to tell you that a MISSING or overly lax setting is set in one of the headers. Today, the scanner (I think) is looking for these values' existence and weakness of setting:
script-src, style-src, img-src, frame-ancestors, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, prefetch-src, form-action
Feedback from users is that when a value or multiple values exist and are correct, the alert description and evidence make it seem like the value in the evidence is what is being alerted upon, even though it is likely correct.
To Reproduce
Steps to reproduce the behavior:
- Run scan with the CSP checker turned on with a website with a single CSP value
- View the alert description and evidence
- Become confused… 😃
Expected behavior
The description of the alert possibly should mention what headers and values it's looking for and indicate the evidence is pointing out MISSING settings and/or weak values.
Software versions
- ZAP: 2.11
- Add-on: Content Security Policy Passive Scan Rule (https://github.com/zaproxy/zap-extensions/blob/main/addOns/pscanrules/src/main/java/org/zaproxy/zap/extension/pscanrules/ContentSecurityPolicyScanRule.java)
- OS: NA
- Java: NA
- Browser: NA
Would you like to help fix this issue? Maybe, if this is simply adding text to the description. 😃
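To make concrete what an alert that names the MISSING and weak directives could look like, here is an added example that is not part of the issue and not ZAP's ContentSecurityPolicyScanRule. It parses a Content-Security-Policy header value, checks the directives listed in the issue, applies the default-src fallback that the fetch directives get (frame-ancestors and form-action do not fall back), and reports each missing or overly lax directive explicitly. The set of "weak" source expressions is a constructed illustration, not the rule's real criteria.

```python
"""Report missing and weak CSP directives explicitly (added example).

Constructed illustration for the issue discussion; the directive list comes
from the issue, the weakness criteria are an assumption of this example.
"""
from typing import Dict, List

# Fetch directives from the issue: these fall back to default-src when absent.
FETCH_DIRECTIVES = [
    "script-src", "style-src", "img-src", "connect-src", "frame-src",
    "font-src", "media-src", "object-src", "manifest-src", "worker-src",
    "prefetch-src",
]
# Directives from the issue that do NOT inherit from default-src.
NON_FETCH_DIRECTIVES = ["frame-ancestors", "form-action"]

# Source expressions treated as overly lax here (constructed threshold).
WEAK_SOURCES = {"*", "'unsafe-inline'", "'unsafe-eval'", "http:", "https:", "data:"}


def parse_csp(header: str) -> Dict[str, List[str]]:
    """Split a CSP header into {directive: [source, ...]}.

    Directives are separated by ';' and tokens by whitespace; directive
    names are case-insensitive and only the first occurrence counts.
    """
    policy: Dict[str, List[str]] = {}
    for part in header.split(";"):
        tokens = part.split()
        if not tokens:
            continue
        policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def weak_sources(sources: List[str]) -> List[str]:
    """Return the lax source expressions in a directive's value.

    Edge case: when a nonce or hash is present, browsers ignore
    'unsafe-inline' for that directive, so it is not reported as weak.
    """
    weak = set(sources) & WEAK_SOURCES
    has_nonce_or_hash = any(
        s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-"))
        for s in sources
    )
    if has_nonce_or_hash:
        weak.discard("'unsafe-inline'")
    return sorted(weak)


def evaluate_csp(header: str) -> List[str]:
    """Return one finding per missing or weak directive, in a fixed order."""
    policy = parse_csp(header)
    findings: List[str] = []
    default = policy.get("default-src")

    for directive in FETCH_DIRECTIVES:
        sources = policy.get(directive)
        origin = directive
        if sources is None:
            if default is None:
                findings.append(f"MISSING: {directive} (no default-src fallback)")
                continue
            sources, origin = default, "default-src"
        weak = weak_sources(sources)
        if weak:
            findings.append(f"WEAK: {directive} allows {' '.join(weak)} (via {origin})")

    for directive in NON_FETCH_DIRECTIVES:
        sources = policy.get(directive)
        if sources is None:
            findings.append(f"MISSING: {directive} (does not fall back to default-src)")
        else:
            weak = weak_sources(sources)
            if weak:
                findings.append(f"WEAK: {directive} allows {' '.join(weak)} (via {directive})")
    return findings


if __name__ == "__main__":
    # Constructed sample header resembling the single-directive case in the issue.
    for line in evaluate_csp("script-src 'self'"):
        print(line)
```

Run against a header such as `default-src 'self'; script-src 'self' 'unsafe-inline'` the output names `script-src` as weak and `frame-ancestors` and `form-action` as missing, which is the kind of evidence the issue asks the alert to surface instead of only echoing the existing policy.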
Top GitHub Comments
Ahhhh I see the problem. It's a dynamic description issue. Not a bug, alert happened the right way. Closing