fix: add raw.githubusercontent.com to CSP connect-src for Atlas map

The Atlas feature fetches country GeoJSON from GitHub raw content, which
was blocked by the Content Security Policy connect-src directive.

Closes #285

server/src/index.ts

@@ -66,6 +66,7 @@ app.use(helmet({
         "https://*.basemaps.cartocdn.com", "https://*.tile.openstreetmap.org",
         "https://unpkg.com", "https://open-meteo.com", "https://api.open-meteo.com",
         "https://geocoding-api.open-meteo.com", "https://api.exchangerate-api.com",
+        "https://raw.githubusercontent.com/nvkelso/natural-earth-vector/master/geojson/ne_50m_admin_0_countries.geojson"
       ],
       fontSrc: ["'self'", "https://fonts.gstatic.com", "data:"],
       objectSrc: ["'none'"],