remove inline javascript

• discuss_data/templates/base.html:43-45
• discuss_data/templates/core/_pagination.html:35-45
• discuss_data/templates/dddatasets/prep/_tag_add_control.html:27-29
• discuss_data/templates/ddusers/_tags.html:35-48
• discuss_data/templates/dhrep/_getToken.html:15-21

afterwards, reintroduce CSP configuration Header set Content-Security-Policy "default-src \'self\';"