Apply additional security recommendations (#2050)

* enable sandbox

* enable CSP (umami tentatively works?) and reduce amount of ipc APIs exposed

* remove csp from index

src/main/features/core/player/index.ts

@@ -7,9 +7,10 @@ import { pid } from 'node:process';
 import process from 'process';
 
 import { getMainWindow, sendToastToRenderer } from '../../../index';
-import { createLog, isMacOS, isWindows } from '../../../utils';
+import { createLog } from '../../../utils';
 import { store } from '../settings';
 
+import { isMacOS, isWindows } from '/@/main/env';
 import { PlayerData } from '/@/shared/types/domain-types';
 
 declare module 'node-mpv';

src/main/features/core/player/media-keys.ts

@@ -1,8 +1,8 @@
 import { BrowserWindow, globalShortcut, systemPreferences } from 'electron';
 
-import { isLinux, isMacOS } from '../../../utils';
 import { store } from '../settings';
 
+import { isLinux, isMacOS } from '/@/main/env';
 import { PlayerType } from '/@/shared/types/types';
 
 export const enableMediaKeys = (window: BrowserWindow | null) => {

src/main/features/core/remote/index.ts

@@ -9,8 +9,8 @@ import { deflate, gzip } from 'zlib';
 
 import manifest from './manifest.json';
 
+import { isLinux } from '/@/main/env';
 import { getMainWindow } from '/@/main/index';
-import { isLinux } from '/@/main/utils';
 import { QueueSong } from '/@/shared/types/domain-types';
 import { ClientEvent, ServerEvent } from '/@/shared/types/remote-types';
 import { PlayerRepeat, PlayerStatus, SongState } from '/@/shared/types/types';