travel_expense: fix CSP for manifest

Fixes error in console:

Refused to load manifest from <URL> because it violates the following
Content Security Policy directive: "default-src 'none'".
Note that 'manifest-src' was not explicitly set, so 'default-src' is
used as a fallback.

bt5/erp5_travel_expense/PathTemplateItem/web_site_module/officejs_hr.xml

@@ -357,7 +357,7 @@
         </item>
         <item>
             <key> <string>configuration_content_security_policy</string> </key>
-            <value> <string>default-src \'none\'; img-src \'self\' https://*.tile.openstreetmap.org data:; media-src \'self\' blob:; connect-src \'self\' https://localhost:5000 mail.tiolive.com data: *.host.vifib.net *.node.vifib.com *.erp5.net; script-src \'self\' \'unsafe-eval\'; font-src \'self\' netdna.bootstrapcdn.com; style-src \'self\' netdna.bootstrapcdn.com \'unsafe-inline\' data:; frame-src \'self\' data: *.app.officejs.com</string> </value>
+            <value> <string>default-src \'none\'; img-src \'self\' https://*.tile.openstreetmap.org data:; media-src \'self\' blob:; connect-src \'self\' https://localhost:5000 mail.tiolive.com data: *.host.vifib.net *.node.vifib.com *.erp5.net; script-src \'self\' \'unsafe-eval\'; font-src \'self\' netdna.bootstrapcdn.com; style-src \'self\' netdna.bootstrapcdn.com \'unsafe-inline\' data:; frame-src \'self\' data: *.app.officejs.com; manifest-src \'self\'</string> </value>
         </item>
         <item>
             <key> <string>configuration_default_view_action_reference</string> </key>
@@ -670,7 +670,7 @@
                           </tuple>
                           <state>
                             <tuple>
-                              <float>1549964409.02</float>
+                              <float>1549964409.03</float>
                               <string>UTC</string>
                             </tuple>
                           </state>