slackhq / csp-html-webpack-plugin

A plugin which, when combined with HTMLWebpackPlugin, adds CSP tags to the HTML output.
MIT License

Fine Grain control for hashes and nonces #29

Closed AnujRNair closed 5 years ago

AnujRNair commented 5 years ago

Summary

This change removes the devAllowUnsafe setting (which was a bit cryptic as to what it did) and instead introduces more fine-grained control over when hashes and nonces are allowed to be included in a policy.

You can now set this by changing settings in additionalOptions or in cspPlugin as follows:

  hashEnabled: {
    'script-src': true,
    'style-src': true
  },
  nonceEnabled: {
    'script-src': true,
    'style-src': true
  }

These can be enabled or disabled globally for all HtmlWebpackPlugin instances, or on an individual level for deeper customization.

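An added example, not part of this PR or the plugin's source: a standalone JavaScript model of how the `hashEnabled` / `nonceEnabled` toggles described above shape the emitted policy. The precedence (per-instance over global, default enabled), the helper names `resolveFlags`, `buildPolicy` and `demo`, and the hash and nonce strings are assumptions constructed for illustration.

```javascript
// Standalone model of per-directive hash/nonce toggles (not the plugin's code).
// Assumptions: a per-instance value, when set, overrides the global value,
// and a directive with no setting at either level defaults to enabled.
const DIRECTIVES = ['script-src', 'style-src'];

function resolveFlags(globalOpts = {}, instanceOpts = {}) {
  const flags = {};
  for (const kind of ['hashEnabled', 'nonceEnabled']) {
    flags[kind] = {};
    for (const d of DIRECTIVES) {
      const inst = (instanceOpts[kind] || {})[d];
      const glob = (globalOpts[kind] || {})[d];
      flags[kind][d] = inst !== undefined ? inst : glob !== undefined ? glob : true;
    }
  }
  return flags;
}

// generated: { 'script-src': { hashes: [...], nonces: [...] }, ... }
function buildPolicy(basePolicy, generated, flags) {
  return Object.entries(basePolicy)
    .map(([directive, sources]) => {
      const extra = generated[directive] || {};
      const out = [...sources];
      if (flags.hashEnabled[directive]) out.push(...(extra.hashes || []));
      if (flags.nonceEnabled[directive]) out.push(...(extra.nonces || []));
      return `${directive} ${out.join(' ')}`;
    })
    .join('; ');
}

// Constructed sample input: placeholder hash/nonce values, not real digests.
const basePolicy = {
  'base-uri': ["'self'"],
  'script-src': ["'self'"],
  // CSP Level 2+ browsers ignore 'unsafe-inline' once a hash or nonce is listed.
  'style-src': ["'self'", "'unsafe-inline'"],
};
const generated = {
  'script-src': { hashes: ["'sha256-CONSTRUCTED_SCRIPT_HASH='"], nonces: ["'nonce-CONSTRUCTED_SCRIPT_NONCE'"] },
  'style-src': { hashes: ["'sha256-CONSTRUCTED_STYLE_HASH='"], nonces: ["'nonce-CONSTRUCTED_STYLE_NONCE'"] },
};
const globalOpts = { nonceEnabled: { 'style-src': false } };   // set for every page
const instanceOpts = { hashEnabled: { 'style-src': false } };  // set for one page

function demo() {
  return buildPolicy(basePolicy, generated, resolveFlags(globalOpts, instanceOpts));
}
console.log(demo());
```

With both toggles off for `style-src`, that directive keeps only its configured sources, while `script-src` still receives its hash and nonce.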

codecov[bot] commented 5 years ago

Codecov Report

Merging #29 into master-v3 will not change coverage. The diff coverage is 100%.


@@            Coverage Diff            @@
##           master-v3     #29   +/-   ##
=========================================
  Coverage       93.8%   93.8%           
=========================================
  Files              2       2           
  Lines            113     113           
  Branches          21      21           
=========================================
  Hits             106     106           
  Misses             6       6           
  Partials           1       1
Impacted Files   Coverage Δ
plugin.js        92.3% <100%> (ø) ↑


Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data. Powered by Codecov. Last update b6d8fca...65d6c69.