Add SRI hashes to Choices.js CDN tags for consistency with Bootstrap

Code review (on 748c7c7) flagged that Bootstrap CDN tags in base.html
use integrity=sha384-... + crossorigin=anonymous, but the Choices.js
tags added in Task 7 did not. Since both are admin-only privileged
contexts and Bootstrap sets the precedent, Choices.js should match.

Hashes computed from cdn.jsdelivr.net/npm/choices.js@10.2.0 via
  curl ... | openssl dgst -sha384 -binary | openssl base64

No behavior change when the CDN is healthy; defense against a
compromised CDN serving altered bytes.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

core/templates/core/_report_config_modal.html

@@ -134,8 +134,14 @@
 {# === CHOICES.JS — multi-select enhancement (admin-only) === #}
 {# Loaded CDN-only; falls back to native <select multiple> if the CDN fails. #}
 {% if user.is_staff or user.is_superuser %}
-<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/choices.js@10.2.0/public/assets/styles/choices.min.css">
-<script src="https://cdn.jsdelivr.net/npm/choices.js@10.2.0/public/assets/scripts/choices.min.js" defer></script>
+<link rel="stylesheet"
+      href="https://cdn.jsdelivr.net/npm/choices.js@10.2.0/public/assets/styles/choices.min.css"
+      integrity="sha384-9oHz8X4XgvL+WkhPjPTMHviP0FM/eWUHWFmAVXKJ3PnbIK8Vi2ranPMgb0LZhaeQ"
+      crossorigin="anonymous">
+<script src="https://cdn.jsdelivr.net/npm/choices.js@10.2.0/public/assets/scripts/choices.min.js"
+        integrity="sha384-9r5e85TmdjVjyjYzZAV3TG5A6tcrmD7JjNBGfT2r1wp9txUPttent/DMiMuOwRNG"
+        crossorigin="anonymous"
+        defer></script>
 <script>
 (function() {
     document.addEventListener('DOMContentLoaded', function() {