Update officejs support request app for strict CSP
This is a first step to stop using "unsafe" web sections. This updates support request app to not require `script-src: unsafe-eval` and `style-src: unsafe-inline` in the CSP. Dropping `script-src: unsafe-eval` is made possible by using domsugar instead of handlebars for dynamic content. Dropping `style-src: unsafe-inline` by using CSS files instead of inline `style` attributes in the DOM. One minor regression is that the tooltips from the graph on the front page gadget will cause warning because of `unsafe-inline` and not render the series color. This application was also modernized a bit, it now uses the HTML viewer gadget to display post contents and supports translation. See merge request nexedi/erp5!1821