cas
WIP Allow dynamic nonce for Content Security Policy
This PR is ready for merge but tagged as "WIP" to wait until after the 7.1.0 release.
As explained in this guide: https://content-security-policy.com/nonce/, the "nonce" information of the "Content-Security-Policy" header should be a random value different for every HTTP request.
This PR provides the ability to use the specific value @nonce@ to get a generated random value (also available in the request).
Unit tests have been updated accordingly.
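The placeholder substitution described above, sketched as an added example (this is not the PR's or the CAS project's code). The class, record and method names and the sample policy are assumptions; only the `@nonce@` placeholder comes from the description.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashSet;
import java.util.Set;

public class CspNonceExample {
    // Placeholder named in the PR description; every other name here is hypothetical.
    static final String PLACEHOLDER = "@nonce@";
    private static final SecureRandom RANDOM = new SecureRandom();

    /** Result of rendering the configured policy for one HTTP request. */
    record RenderedPolicy(String nonce, String headerValue) {}

    /** Generates a fresh 128-bit nonce from a CSPRNG, base64-encoded as CSP expects. */
    static String newNonce() {
        byte[] bytes = new byte[16];
        RANDOM.nextBytes(bytes);
        return Base64.getEncoder().encodeToString(bytes);
    }

    /** Replaces every placeholder in the configured policy with one per-request nonce. */
    static RenderedPolicy render(String configuredPolicy) {
        String nonce = newNonce();
        return new RenderedPolicy(nonce, configuredPolicy.replace(PLACEHOLDER, nonce));
    }

    public static void main(String[] args) {
        // Constructed sample policy, not a CAS default.
        String configured = "script-src 'self' 'nonce-@nonce@'; style-src 'self' 'nonce-@nonce@'";
        Set<String> seen = new HashSet<>();
        for (int request = 1; request <= 3; request++) {
            RenderedPolicy p = render(configured);
            if (!seen.add(p.nonce())) {
                throw new IllegalStateException("nonce reused across requests");
            }
            if (p.headerValue().contains(PLACEHOLDER)) {
                throw new IllegalStateException("placeholder left in header");
            }
            System.out.println("Content-Security-Policy: " + p.headerValue());
            // The same value must appear on the inline tags of the page served with this header.
            System.out.println("<script nonce=\"" + p.nonce() + "\">...</script>");
        }
        // A policy without the placeholder passes through unchanged.
        String fixed = "default-src 'self'";
        if (!render(fixed).headerValue().equals(fixed)) {
            throw new IllegalStateException("static policy altered");
        }
    }
}
```

The nonce has to be exposed to the view layer for the same request, since a header nonce that does not match the `nonce` attribute on the page's inline tags causes the browser to block them.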