
Adds csp nonce support for TagRenderer class #88

Draft: wants to merge 1 commit into base: main

Conversation

@BruceGitHub commented Apr 14, 2020

This PR aims to resolve this:
#10 (comment)
and this:
#10 (comment)

| Q             | A   |
| ------------- | --- |
| Bug fix?      | no  |
| New feature?  | yes |
| Doc updated   | no  |
| BC breaks?    | no  |
| Deprecations? | yes |
| Tests pass?   | yes |
| Fixed tickets | #10 |
| License       | MIT |

I'm not an expert at PRs, so sorry if I made mistakes in the process or in the code, but I will be happy to solve them in that case.

My problem was using a CSP nonce in a Symfony app when the nonce is generated by the Nginx server.
I started from the master branch, but it already had problems... Can I solve them?

Todo

WIP

@BruceGitHub (Author) commented May 3, 2020

NOTE:
@ohartl
I found a solution without changing the bundle's code: a dirty solution, but it works!

First, a factory is needed to change the default value of the `$defaultAttributes` array:

```php
<?php
declare(strict_types=1);

namespace App;

use Symfony\Component\Asset\Packages;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpKernel\Event\RequestEvent;
use Symfony\Component\HttpKernel\Event\ResponseEvent;
use Symfony\Component\HttpKernel\KernelEvents;
use Symfony\WebpackEncoreBundle\Asset\EntrypointLookupCollectionInterface;
use Symfony\WebpackEncoreBundle\Asset\TagRenderer;

class NonceFactory implements EventSubscriberInterface
{
    private $entrypointLookupCollection;
    private $packages;
    private static $nonce;

    public function __construct(
        EntrypointLookupCollectionInterface $entrypointLookupCollection,
        Packages $packages
    ) {
        $this->entrypointLookupCollection = $entrypointLookupCollection;
        $this->packages = $packages;
    }

    public static function generateNonce(RequestEvent $event)
    {
        // Only the master request gets a nonce: a sub-request (fragment, error page) would
        // otherwise replace the value already baked into the TagRenderer and break the page.
        if (!$event->isMasterRequest()) {
            return;
        }

        // A CSP nonce must be unguessable: at least 128 bits from a CSPRNG, base64-encoded.
        // mt_rand() is not a CSPRNG and a small range is trivially guessable.
        static::$nonce = base64_encode(random_bytes(16));
    }

    // Factory for the webpack_encore.tag_renderer service: the nonce is added to every tag
    public function create(array $defaultAttributes = []): TagRenderer
    {
        $defaultAttributes['nonce'] = static::$nonce;

        return new TagRenderer($this->entrypointLookupCollection, $this->packages, $defaultAttributes);
    }

    public function addNonceToHeader(ResponseEvent $event)
    {
        // Same guard: only the master response leaves the server with the header
        if (!$event->isMasterRequest()) {
            return;
        }

        $response = $event->getResponse();
        $cspHeader = "script-src 'nonce-" . static::$nonce . "';";

        $response->headers->set('Content-Security-Policy', $cspHeader);
    }

    public static function getSubscribedEvents()
    {
        return [
            KernelEvents::REQUEST => 'generateNonce',
            KernelEvents::RESPONSE => 'addNonceToHeader',
        ];
    }
}
```

Then declare the service definition:

```yaml
services:
  webpack_encore.tag_renderer:
    class: Symfony\WebpackEncoreBundle\Asset\TagRenderer
    factory: ['@App\NonceFactory', 'create']

  App\NonceFactory:
    tags:
      - { name: kernel.event_subscriber }
```

This is the response header:

```http
HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.3.14
Cache-Control: max-age=0, must-revalidate, private
Date: Sun, 03 May 2020 21:21:21 GMT
Content-Security-Policy: script-src 'nonce-928'; <---- 
X-Debug-Token: 335f03
X-Robots-Tag: noindex
Expires: Sun, 03 May 2020 21:21:21 GMT
Content-Encoding: gzip
```

NOTE
The profiler uses the CSP directive by default, so it must be turned off, because its nonce conflicts with the app's nonce:

```yaml
web_profiler:
    toolbar: false
    intercept_redirects: false
```
@weaverryan weaverryan changed the base branch from master to main November 16, 2020 19:53
@BruceGitHub (Author) commented

@wouterj @weaverryan what do you think of this PR?
Should I close it?

@jrushlow jrushlow added the Feature New Feature label Jul 6, 2022