Fix Content-Security-Policy headers on "Email Login" page
In D20100, I changed this page from returning a newPage() with a dialog as its content to returning a more modern newDialog().
However, the magic to add stuff to the CSP header is actually only on the newPage() pathway today, so this accidentally dropped the extra "Content-Security-Policy" rule for Google.
Lift the magic up one level so both Dialog and Page responses hit it.
- Configured Recaptcha.
- Between D20100 and this patch: got a CSP error on the Email Login page.
- After this patch: clicked all the pictures of cars / store fronts.
Reviewed By: amckinley
Differential Revision: https://secure.phabricator.com/D20163