fix: remove CSPNonce from Matomo script (not implemented in backend)

ISSUE: Matomo analytics not loading in production

ROOT CAUSE:
- Matomo script had nonce="{{.CSPNonce}}" attribute
- Go backend doesn't generate CSPNonce template variable
- Empty nonce attribute caused CSP to block the script in production

FIX:
- Removed nonce attribute from Matomo script tag
- CSP header already includes 'unsafe-inline' so nonces not needed
- Script now loads correctly in both localhost and production

VERIFICATION:
- Matomo will now load and track pageviews in production
- Check browser console for _paq object
- Verify tracking in Matomo dashboard

templates/index.html

@@ -192,8 +192,8 @@
     <!-- External JavaScript - CSP Compliant -->
     <script src="/static/js/main.js"></script>
 
-    <!-- Matomo Analytics - Nonce-based CSP -->
-    <script nonce="{{.CSPNonce}}">
+    <!-- Matomo Analytics -->
+    <script>
         var _paq = window._paq = window._paq || [];
         /* tracker methods like "setCustomDimension" should be called before "trackPageView" */
         _paq.push(['trackPageView']);