Semantically Sound Analysis of Content Security Policies