fix: CSP — add Tauri IPC protocol to connect-src

The strict CSP from the security audit was blocking Tauri's invoke()
IPC mechanism. Added ipc: and ipc.localhost origins to connect-src,
and 'unsafe-eval' to script-src for Next.js dev mode compatibility.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: Oliver Baer

src-tauri/tauri.conf.json

@@ -29,7 +29,7 @@
       }
     ],
     "security": {
-      "csp": "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' https: data:; connect-src 'self' https://api.openai.com https://api.anthropic.com https://api.deepgram.com wss://api.deepgram.com https://api.assemblyai.com https://huggingface.co; font-src 'self'"
+      "csp": "default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' https: data:; connect-src 'self' ipc: http://ipc.localhost https://ipc.localhost https://api.openai.com https://api.anthropic.com https://api.deepgram.com wss://api.deepgram.com https://api.assemblyai.com https://huggingface.co; font-src 'self'"
     },
     "macOSPrivateApi": true
   },