Try fix Content Security Policy errors (take 8) (#602)

This vendors the Lato font files so we don't need to load them from
Google Fonts.

.htaccess

@@ -24,3 +24,14 @@ Redirect permanent /datafusion-python https://datafusion.apache.org/python
 
 # redirect all ballista URLs to new website
 Redirect permanent /ballista https://datafusion.apache.org/ballista
+
+# fix Safari Content Security Policy errors
+Header add Content-Security-Policy-Report-Only "default-src 'self' data: blob: https://*.apache.org/ https://www.apachecon.com/ https://www.communityovercode.org/; \
+  script-src 'self' https://*.apache.org/ 'sha256-zcLnLb0EtdHEeff3LAr93euk343CTrN0BMhlaeAD8yY=' 'sha256-eeHr1PLkM55qPqkpxjBDHGtxfQf3RvEYoENHzN4IL0Q='; \
+  style-src 'self' 'sha256-88sV2hhBstoYcag54b2hPpN+Oei7wd2Roz3k+RXEAfk=' 'sha256-B3D8HD6PV1HtGZ5Z3qkXsN6p/LAiwBn9jehRuPkMBhQ=' 'sha256-qo7STIM1L/OgU9y0De47mqod1UZFLJfTn36bRC42rfA='; \
+  frame-ancestors 'self'; \
+  frame-src 'self' data: blob:; \
+  img-src 'self' data: https://*.apache.org/; \
+  worker-src 'self' data: blob:; \
+  connect-src 'self' https://*.apache.org/ https://api.github.com/; \
+  font-src 'self' https://*.apache.org/;"

NOTICE.txt

@@ -11,3 +11,6 @@ This product includes software from https://github.com/buttons/github-buttons (B
 The deployed version of the website includes files generated by Jekyll (MIT)
  * Copyright (c) 2008-2022 Tom Preston-Werner and Jekyll contributors
  * https://github.com/jekyll/jekyll
+
+This product includes software from https://www.latofonts.com (SIL Open Font License, Version 1.1)
+* Copyright (c) 2010-2011 by Lukasz Dziedzic

_includes/top.html

@@ -3,16 +3,6 @@
   <head>
     <meta charset="UTF-8">
     <meta http-equiv="X-UA-Compatible" content="IE=edge">
-    <meta http-equiv="Content-Security-Policy-Report-Only" content="
-      default-src 'self' data: blob: https://*.apache.org/ https://www.apachecon.com/ https://www.communityovercode.org/;
-      script-src 'self' https://*.apache.org/ 'sha256-zcLnLb0EtdHEeff3LAr93euk343CTrN0BMhlaeAD8yY=' 'sha256-eeHr1PLkM55qPqkpxjBDHGtxfQf3RvEYoENHzN4IL0Q=';
-      style-src 'self' https://fonts.googleapis.com/ 'sha256-88sV2hhBstoYcag54b2hPpN+Oei7wd2Roz3k+RXEAfk=' 'sha256-B3D8HD6PV1HtGZ5Z3qkXsN6p/LAiwBn9jehRuPkMBhQ=' 'sha256-qo7STIM1L/OgU9y0De47mqod1UZFLJfTn36bRC42rfA=';
-      frame-ancestors 'self';
-      frame-src 'self' data: blob:;
-      img-src 'self' data: https://*.apache.org/;
-      worker-src 'self' data: blob:;
-      connect-src 'self' https://*.apache.org/ https://api.github.com/;
-      font-src 'self' https://*.apache.org/ https://fonts.gstatic.com/;">
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <!-- The above meta tags *must* come first in the head; any other head content must come *after* these tags -->
     {% if page.title %}
@@ -88,8 +78,6 @@
       onUpdate();
     </script>
 
-    <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Lato:300,300italic,400,400italic,700,700italic,900">
-
     <link href="{{ site.baseurl }}/css/main.css" rel="stylesheet">
     <link href="{{ site.baseurl }}/css/syntax.css" rel="stylesheet">
     <script src="{% link /javascript/main.js %}"></script>

css/main.scss

@@ -22,6 +22,22 @@ body {
   line-height: 1.52;
 }
 
+@font-face {
+  font-display: swap;
+  font-family: Lato;
+  font-style: normal;
+  font-weight: 400;
+  src: url('/assets/fonts/lato-v24-latin-regular.woff2') format('woff2');
+}
+
+@font-face {
+  font-display: swap;
+  font-family: Lato;
+  font-style: italic;
+  font-weight: 400;
+  src: url('/assets/fonts/lato-v24-latin-italic.woff2') format('woff2');
+}
+
 .footer {
   font-size: .8em;
 }