LocalizedStringProvider: nonce parameter for Content Security Policy

[Julienng]

Closes #6218

✅ Pull Request Checklist:

• [x] Included link to corresponding LocalizedStringProvider: missing nonce parameter when CSP is enabled.
• [x] Added/updated unit tests and storybook for this change (for new code or code which already has tests).
• [x] Filled out test instructions.
• [x] Updated documentation (if it already exists for this component). Would like help on where to document there
• [x] ~~Looked at the Accessibility Practices for this feature - Aria Practices~~ no concern

📝 Test Instructions:

https://github.com/adobe/react-spectrum/issues/6218 Reproduction repo and deployed test on vercel to check

🧢 Your Project:

[Julienng]

Oh i missed that one, I can work on that based on this reproduction bug repository:

https://github.com/Julienng/csp-next-and-react-aria-components-provider

[Julienng]

@snowystinger I've added the example project. It matches with the next-app but with CSP

By testing it, I noticed hydration error with CSP because the browser remove nonce parameter from the DOM before React hydration.

To circumvent that problem, I followed the same pattern as next-themes in this PR: https://github.com/pacocoursey/next-themes/pull/262

new code:

<script nonce={typeof window === 'undefined' ? nonce : ''} suppressHydrationWarning dangerouslySetInnerHTML={{__html: getPackageLocalizationScript(locale, strings)}} />;

[snowystinger]

Linking relevant React issue https://github.com/facebook/react/issues/26028

[Julienng]

Oh yeah, I had to yarn build before for the example to work. I don't know if this is expected (from the monorepo perspective)?

[snowystinger]

Oh yeah, I had to yarn build before for the example to work. I don't know if this is expected (from the monorepo perspective)?

totally fine, I think we should include instructions though. With all the different systems, I sometimes forget the commands I need to run and in what order.