Automattic / jetpack

Security, performance, marketing, and design tools — Jetpack is made by WordPress experts to make WP sites safer and faster, and help you grow your traffic.
https://jetpack.com/

Add SRI to devicepx-jetpack.js #10760

Open edent opened 5 years ago

edent commented 5 years ago

Is your feature request related to a problem? Please describe.

The file devicepx-jetpack.js should be loaded with SubResource Integrity.

Describe the solution you'd like

<script src="https://s0.wp.com/wp-content/js/devicepx-jetpack.js?ver=201848" 
     integrity="sha384-rKZaSxCflcbBh2xopwq4/iQYBH5KqFs9AL/YgqoNj7UudLaEwoUwRSObHw/7gOtw"
     crossorigin="anonymous"></script> 

Describe alternatives you've considered

SRI is well supported in major browsers and has no negative impact on legacy browsers.

Adding SRI means that if the CDN is compromised, or the code is maliciously altered, browsers will not execute it.

Additional context

As per #10027, the CDN supports CORS.

jeherve commented 5 years ago

Related: #10707

Also worth noting that devicepx may go away in the future: https://github.com/Automattic/jetpack/pull/10189#issuecomment-424406791

stale[bot] commented 5 years ago

This issue has been marked as stale. This happened because:

No further action is needed. But it's worth checking if this ticket has clear reproduction steps and it is still reproducible. Feel free to close this issue if you think it's not valid anymore — if you do, please add a brief explanation.