Apply CSP default-src hash values to script-src and style-src.
This fixes a minor bug where we forgot to add hash values in the
default-src CSP directive to the list of hash algorithms seen. Thus,
when the hash whitelist was checked for inline styles and scripts, the
CSP potentially might believe that no algorithms have been seen, so the
whitelist check would skip all of the stored hash values.
This fixes the bug by adding the algorithms to the list of algorithms
seen when a default-src directive is reached.