feat: disable hard-coded sourcemap support via environment variable

[jimmed]

In reference to #285, this allows users to disable the hard-coded insertion of a script tag that is inserted into the generated root HTML page, by passing setting the environment variable ELECTRON_WEBPACK_DISABLE_SOURCE_MAP_SUPPORT to any non-empty value.

[Letrab]

Also prevent .map file generation here in this case: https://github.com/electron-userland/electron-webpack/blob/master/packages/electron-webpack/src/main.ts#L171 ?

(set devtool to undefined (or false))

[leo-rob]

It would be nice if also the lines about 'nodeModulePath' are allowed to be disabled with a variable like your. In my configuration with nodeIntegration disabled, contextIsolation and sandbox enabled are, these lines are the only bad things. My very badly solution is to remove both line #1 and #2 in postinstall script. In this way the 'Uncaught ReferenceError: require is not defined at (index):8' is fixed.

[geeofree]

Seconding @boris47 . I think the hardcoded require calls on the generated html files should be removed, or at least be optionally added — it forces people to use unsafe nodeIntegration: true option on the browser window.

[jimmed]

Sorry folks, I don't have any time to continue work on this PR; the suggestions are all valuable though, and I'm glad they're captured here. If anybody is keen to see this merged, feel free to fork and extend.

[j3g]

@boris47 @geeofree when I remove the lines of code ... I get an error about the global variable not defined. I tried to modify the require() to an ES6 import command. Can you share more details of how you got around this issue?

I am using electron-webpack (with webpack 5.x) and I also have "nodeIntegration disabled, contextIsolation and sandbox enabled" ... i'm looking for the tightest security