Don't use nonces in Content-Security-Policy, use hashes.

[martinemde]

This adds a concern that provides the inline_script and inline_script_content interface which allows us to declare and then render inline scripts in a way that is compatible with computing hashes.

The nonce is not ideal because it gets cached by Fastly, with each page caching a different nonce based on the user requests that happened to be cached. Not very nonce-y.

This also remove the nonce hack that caused some session generation problems originally, even though they are fixed now.

[codecov]

Codecov Report

Attention: 2 lines in your changes are missing coverage. Please review.

Comparison is base (89b2171) 97.13% compared to head (9855722) 96.87%.

Files	Patch %	Lines
app/controllers/concerns/inline_scripts.rb	94.44%	2 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #4464      +/-   ##
==========================================
- Coverage   97.13%   96.87%   -0.26%     
==========================================
  Files         385      386       +1     
  Lines        8200     8236      +36     
==========================================
+ Hits         7965     7979      +14     
- Misses        235      257      +22     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[martinemde]

The avo inline script needs to be updated to fix the tests.