hackademix / noscript

The popular NoScript Security Suite browser extension.
https://noscript.net/
GNU General Public License v3.0

SVG generates `Couldn’t process unknown directive ‘noscript-marker’` warnings #370

Open toolforger opened 2 months ago

toolforger commented 2 months ago

Here's some SVG weirdness to observe:

  1. Open this issue in Firefox.
  2. Look at the image shown below; the anvil has a white fill.
  3. Click on the image. GitHub will send the raw SVG. The anvil now has a black fill. (Make sure that NoScript is on for the page.)
  4. Save the image to a local file, open it in a new tab. Do a blink comparison, notice that the outline of the anvil is gone, or white-on-white, despite the <path> being declared as a black stroke.
  5. Go to the tab with the SVG file from GitHub (from step 3). Open web developer tools. Reload the content.
  6. Observe: The console shows two messages of Content-Security-Policy: Couldn’t process unknown directive ‘noscript-marker’. This is clearly a NoScript problem, unless something else can generate a noscript-marker directive that is not visible in Show Source. The message goes away when switching off NoScript for the GitHub host and reloading.
  7. Observe: The console shows multiple messages of Content-Security-Policy: The page’s settings blocked the loading of a resource at inline (“default-src”)., usually associated with Source: fill:#ffffff;fill-opacity:1;stroke:#ffff… 350663525-cb0b0a82-a11f-42e9-968f-c20a82ddec92.svg but not always. This is likely unrelated to NoScript as it will persist with NoScript switched on or off.

toolforger-logo

Originally reported as https://github.com/RealFaviconGenerator/realfavicongenerator/issues/499 but closed there.
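To make the two console messages in steps 6 and 7 concrete, here is a small Content-Security-Policy parser written as an added illustration for this page; it is not NoScript's code and not the policy GitHub actually serves (which the issue does not reproduce). The sample policy string is constructed: it only models a `default-src` without `'unsafe-inline'` plus an appended `noscript-marker` token. The parser does what a browser does with an unrecognized directive name (skip it with a warning) and shows why inline `style` attributes are blocked under a `default-src`-only policy.

```javascript
// Added example (not NoScript's code): a minimal Content-Security-Policy
// parser that mirrors how a browser treats the policy the issue describes.
// Directive names not in KNOWN_DIRECTIVES are ignored with a warning, which
// is what Firefox's "Couldn't process unknown directive" message reports.
const KNOWN_DIRECTIVES = new Set([
  "default-src", "script-src", "style-src", "img-src", "font-src",
  "connect-src", "frame-src", "object-src", "media-src", "base-uri",
  "form-action", "frame-ancestors", "sandbox", "report-uri", "report-to",
  "upgrade-insecure-requests", "block-all-mixed-content",
]);

// Parse a serialized CSP into { directives: Map<name, string[]>, warnings: string[] }.
// Directives are separated by ';', the name comes first, then the source list.
function parseCsp(policy) {
  const directives = new Map();
  const warnings = [];
  for (const rawToken of policy.split(";")) {
    const token = rawToken.trim();
    if (token === "") continue;
    const [name, ...values] = token.split(/\s+/);
    const lname = name.toLowerCase();
    if (!KNOWN_DIRECTIVES.has(lname)) {
      // Unknown directive: the policy still applies, this token is just dropped.
      warnings.push(`Couldn't process unknown directive '${lname}'`);
      continue;
    }
    if (directives.has(lname)) {
      // CSP keeps the first occurrence of a directive and ignores repeats.
      warnings.push(`Ignoring duplicate directive '${lname}'`);
      continue;
    }
    directives.set(lname, values);
  }
  return { directives, warnings };
}

// Decide whether an inline <style> or style="" attribute would be allowed:
// style-src governs it, falling back to default-src when style-src is absent;
// 'unsafe-inline' permits it (a nonce or hash would too, but that is not
// modelled here). With no governing directive at all, inline style is allowed.
function inlineStyleAllowed(parsed) {
  const sources = parsed.directives.get("style-src") ?? parsed.directives.get("default-src");
  if (sources === undefined) return true;
  return sources.includes("'unsafe-inline'");
}

// Constructed sample: the shape of a policy with a marker directive appended.
// The exact policy GitHub serves for raw SVGs is not reproduced on this page.
const SAMPLE_POLICY = "default-src 'none'; img-src data:; noscript-marker";

const parsed = parseCsp(SAMPLE_POLICY);
for (const w of parsed.warnings) console.log("Content-Security-Policy:", w);
console.log("inline style allowed:", inlineStyleAllowed(parsed)); // false
```

Running the block prints one warning for `noscript-marker` and reports that inline style is blocked, which matches the two message types in steps 6 and 7: the first is a parse-time warning about the extra directive, the second is the unrelated enforcement of `default-src` against the SVG's inline `style` attributes.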

toolforger commented 2 months ago

Note that the actual display problem (filled anvil) happens with or without NoScript activated. This is merely a heads-up that NoScript may be interfering with SVG processing in an unintended way, which may or may not be harmful in contexts other than when displaying this specific SVG. No warnings appear in the console if the SVG is displayed as part of the issue, which is somewhat puzzling to me.