It looks like the embed.js script is running successfully, so the Discourse side of things is working.
However, it is then trying to create a same-origin iframe, which includes ‘parser-inserted’ script tags. That kind of strategy is not compatible with a strict-dynamic CSP.
So I think this is something which atlassian would need to fix. I came across this issue on their tracker which seems relevant (although doesn’t have much detail, or a resolution 
)