Here is where I landed for future readers.
Made the switch to local for font files, but because I’m using Pro, I still needed an entry in the policy.
<meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://*.googleapis.com/ https://*.fontawesome.com/ https://*.gstatic.com 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://*.fontawesome.com/; media-src *; img-src 'self' data: content:; ">
And now I understand the basics of the security policy meta!
Thanks again, Dave.
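Added example, not part of the original post: a small Node.js audit of the policy string above that resolves the `default-src` fallback for each fetch directive and lists the broad sources that end up applying, which is useful when deciding which entries can be tightened. The `RISKY` rule set and the function names are assumptions made for this illustration.

```javascript
// Policy string copied from the meta tag in the post above.
const POLICY = "default-src 'self' data: gap: https://*.googleapis.com/ https://*.fontawesome.com/ https://*.gstatic.com 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://*.fontawesome.com/; media-src *; img-src 'self' data: content:; ";

// Fetch directives checked here; each falls back to default-src when absent.
const FETCH = ["script-src", "style-src", "img-src", "font-src", "connect-src", "media-src"];

// Broad sources and the directives they weaken (assumed, minimal rule set).
const RISKY = new Map([
  ["'unsafe-eval'", ["script-src"]],
  ["'unsafe-inline'", ["script-src", "style-src"]],
  ["data:", ["script-src"]],
  ["*", FETCH],
]);

// Split a CSP string into a Map of directive name -> source list.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue; // the trailing "; " yields an empty part
    const name = tokens[0].toLowerCase();
    // Per the CSP parsing rules, a repeated directive is ignored.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Sources that actually apply to a fetch directive after default-src fallback.
function effectiveSources(directives, name) {
  return directives.get(name) ?? directives.get("default-src") ?? [];
}

// Return one finding per broad source, noting whether it was inherited.
function auditCsp(policy) {
  const directives = parseCsp(policy);
  const findings = [];
  for (const name of FETCH) {
    const inherited = !directives.has(name);
    for (const source of effectiveSources(directives, name)) {
      const applies = RISKY.get(source.toLowerCase())?.includes(name);
      if (applies) findings.push({ directive: name, source, inherited });
    }
  }
  return findings;
}

for (const f of auditCsp(POLICY)) {
  console.log(`${f.directive}: ${f.source}${f.inherited ? " (inherited from default-src)" : ""}`);
}
```

Because the policy has no `script-src`, the `data:` and `'unsafe-eval'` entries in `default-src` also govern scripts; declaring explicit `script-src` and `font-src` directives lets `default-src` shrink to what the other resource types need.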