Add note on a Content Security Policy that is WASM-compatible

[ezekg]

I was hitting some hard to debug WASM load issues in Chrome because I was using a restrictive CSP:

<meta
  http-equiv="content-security-policy"
  content="default-src 'self'; script-src 'self'; object-src 'none';"
/>

This resulted in the following rather confusing WASM load error:

Uncaught (in promise) StorkError: Error while loading WASM at /stork.wasm
    at new t (storkError.ts:3:5)
    at wasmManager.ts:33:13

Apparently, in Chrome, you have to add wasm-unsafe-eval or wasm-eval to load WASM:

<meta
  http-equiv="content-security-policy"
  content="default-src 'self'; script-src 'self' 'wasm-unsafe-eval' 'wasm-eval'; object-src 'none';"
/>

One bummer is that, as far as I can tell, this is currently unsupported in Safari. Safari requires you to add unsafe-eval, which is a no-go and essentially eliminates all safeties of a good CSP.

Can we add this info to the docs for the next person?

[jameslittle230]

Interesting! I'll actually move this issue to the docs site repository and get to adding something soon.