Remove Content-Security-Policy initializer in API-only Applications

Since `ContentSecurityPolicy::Middleware` is not loaded in API-only
Applications, initializer is unnecessary.
Ref: 9c10fec4c0/railties/lib/rails/application/default_middleware_stack.rb (L66..L68)

railties/lib/rails/generators/rails/app/app_generator.rb

@@ -128,6 +128,7 @@ module Rails
       active_storage_config_exist    = File.exist?("config/storage.yml")
       rack_cors_config_exist         = File.exist?("config/initializers/cors.rb")
       assets_config_exist            = File.exist?("config/initializers/assets.rb")
+      csp_config_exist               = File.exist?("config/initializers/content_security_policy.rb")
 
       config
 
@@ -155,6 +156,10 @@ module Rails
         unless assets_config_exist
           remove_file "config/initializers/assets.rb"
         end
+
+        unless csp_config_exist
+          remove_file "config/initializers/content_security_policy.rb"
+        end
       end
     end
 
@@ -432,6 +437,7 @@ module Rails
       def delete_non_api_initializers_if_api_option
         if options[:api]
           remove_file "config/initializers/cookies_serializer.rb"
+          remove_file "config/initializers/content_security_policy.rb"
         end
       end
 

railties/test/generators/api_app_generator_test.rb

@@ -72,6 +72,7 @@ class ApiAppGeneratorTest < Rails::Generators::TestCase
 
     assert_no_file "config/initializers/cookies_serializer.rb"
     assert_no_file "config/initializers/assets.rb"
+    assert_no_file "config/initializers/content_security_policy.rb"
   end
 
   def test_app_update_does_not_generate_unnecessary_bin_files
@@ -149,6 +150,7 @@ class ApiAppGeneratorTest < Rails::Generators::TestCase
          bin/yarn
          config/initializers/assets.rb
          config/initializers/cookies_serializer.rb
+         config/initializers/content_security_policy.rb
          lib/assets
          test/helpers
          tmp/cache/assets