In short: Because that's not what the CSP does.
According to the CSP Processing Model, CSP should not interfere with the operation of browser add-ons or extensions installed by the user. This feature of CSP effectively allows any add-on or extension to inject script into web sites, regardless of the origin of that script, and thus be exempt to CSP policies. The W3C Web Application Security Working Group considers such script to be part of the Trusted Computing Base implemented by the browser; however, some consider this exemption to be a potential security hole that could be exploited by malicious or compromised add-ons or extensions.