Fix site for new Apache CSP

Some parts of https://flagon.apache.org/ are broken since the new apache content security policy (https://infra.apache.org/csp.html). The new CSP blocks all third party content, so the jQuery, D3, fonts etc. references in the site code fail. One solution would be to download needed packages and host them in our source, but it would also be worthwhile to prune the site's third party dependencies. 