Update security-headers doc (#41312)

<!--
Thanks for opening a PR! Your contribution is much appreciated.
To make sure your PR is handled as smoothly as possible we request that
you follow the checklist sections below.
Choose the right checklist for the change that you're making:
-->

## Documentation / Examples

- [ ] Make sure the linting passes by running `pnpm lint`
- [ ] The "examples guidelines" are followed from [our contributing
doc](https://github.com/vercel/next.js/blob/canary/contributing/examples/adding-examples.md)

Just fixing an error in the documentation where the text doesn't match
what the code snippet is doing.

Co-authored-by: JJ Kasper <jj@jjsweb.site>

docs/advanced-features/security-headers.md

@@ -130,9 +130,9 @@ const ContentSecurityPolicy = `
 
 When a directive uses a keyword such as `self`, wrap it in single quotes `''`.
 
-In the header's value, replace the new line with an empty string.
+In the header's value, replace the new line with a space.
 
-```jsx
+```js
 {
   key: 'Content-Security-Policy',
   value: ContentSecurityPolicy.replace(/\s{2,}/g, ' ').trim()