Use nonce attribute when loading scripts

[Uzlopak]

Preflight checklist

• I could not find a solution in the existing issues, docs, nor discussions.
• I agree to follow this project's Code of Conduct.
• I have read and am following this repository's Contribution Guidelines.
• This issue affects my Ory Cloud project.
• I have joined the Ory Community Slack.
• I am signed up to the Ory Security Patch Newsletter.

Describe your problem

In the handlebar template for scripts you could add a nonce attribute and also at the same time use CSP header to only allow the scripts to be loaded which have the correct nonce.

https://developer.mozilla.org/en-US/docs/Web/HTML/Element/script#attr-nonce

Describe your ideal solution

Implement nonce in scripts and set CSP header accordinly.

Workarounds or alternatives

None known

Version

current

Additional Context

No response