- "Protect" against a rather lame JavaScript-based

  Privoxy detection "attack" and check the referrer
  before delivering the CGI style sheet.
- Move referrer check for unsafe CGI pages into
  referrer_is_safe() and log the result.
- Map @url@ in cgi-error-disabled page.
  It's required for the "go there anyway" link.
- Mark *csp as immutable for grep_cgi_referrer().