@strict-csp/builder package + middleware fixes for Vercel

[nibtime]

first step of #66

• CSP typings are maintained within @strict-csp/builder package
• some hotfixes for bad middleware-related bugs that can break CSP (on Vercel only)

[changeset-bot[bot]]

🦋 Changeset detected

Latest commit: 8283af829620686628511bfc95e9b75d94a9b432

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 4 packages

| Name | Type | | --------------------- | ----- | | @strict-csp/builder | Minor | | @next-safe/middleware | Patch | | docs | Patch | | e2e | Patch |

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[vercel[bot]]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Updated
docs-next-safe-middleware	✅ Ready (Inspect)	Visit Preview	Aug 5, 2022 at 1:43PM (UTC)
e2e-next-safe-middleware	✅ Ready (Inspect)	Visit Preview	Aug 5, 2022 at 1:43PM (UTC)

[nibtime]

Manually tested the e2e app with a real iPad Pro device on Safari >=15.4 with strict-dynamic:

https://user-images.githubusercontent.com/52962482/183102609-3988f868-0480-4b22-babd-38f1a11019b6.mp4

Notes:

• Safari only serves the report-uri directive and I can confirm that violation reports are received at /api/reporting. That's why it is important to always serve both reporting directives, even though report-uri is flagged deprecated.

• Safari doesn't execute web worker inline test script with partytown