feat: allow applications to set crossorigin attribute

[stfsy]

hi @camsong

this PR will allow applications to set the crossorigin attribute on the script tag. This allows for more finegrained control over cross-origin resources especially when used together with https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Embedder-Policy.

A document can only load resources from the same origin, or resources explicitly marked as loadable from another origin. If a cross origin resource supports CORS, the crossorigin attribute or the Cross-Origin-Resource-Policy header must be used to load it without being blocked by COEP.

The feature is backwards-compatible as it is disabled by default.

[camsong]

Thanks very much for your contribution, I just released https://github.com/camsong/fetch-jsonp/releases/tag/v1.3.0 Have a nice day.