docs: Fix CSP header setting of sample code (#15313)

* Fix CSP header setting of sample code

Patch for #15310

* Update docs/tutorial/security.md

Co-Authored-By: masatokinugawa <[email protected]>

docs/tutorial/security.md

@@ -364,7 +364,12 @@ handler:
 const { session } = require('electron')
 
 session.defaultSession.webRequest.onHeadersReceived((details, callback) => {
-  callback({ responseHeaders: `default-src 'none'` })
+  callback({
+    responseHeaders: {
+      ...details.responseHeaders,
+      'Content-Security-Policy': ['default-src \'none\'']
+    }
+  })
 })
 ```