go-safeweb
Make XSRF token and CSP nonce injection generic
Currently, in order to avoid cloning a template every time we inject an XSRF token or a CSP nonce, we extended the safehttp.TemplateResponse with a FuncMap field. This contains the name to function mappings of the template, i.e. for a {{XSRFToken}} template function, the FuncMap will contain an element similar to:
"XSRFToken": func() string { return "XSRFTokenValue" }
In the safehtml/template package, when the template is parsed, the value "XSRFTokenValue" will then be applied to the template function. This design is, however, very specific to the safehtml/template API and we should find a more general solution.
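The FuncMap mechanism described in the issue, as an added example that is not go-safeweb code: it assumes the standard library's html/template as a stand-in for safehtml/template, and the names page, placeholders, base and render are hypothetical. This sketch clones the parsed template per response so that concurrent requests do not share a FuncMap, which is a choice of the example.

```go
package main

import (
	"bytes"
	"fmt"
	"html/template"
)

// Constructed page using both template functions named in the issue.
const page = `<form method="POST"><input type="hidden" name="xsrf-token" value="{{XSRFToken}}"></form>
<script nonce="{{CSPNonce}}">init()</script>`

// Placeholders only make the names known to the parser; their values are never served.
var placeholders = template.FuncMap{
	"XSRFToken": func() string { return "" },
	"CSPNonce":  func() string { return "" },
}

// Parsed once at startup and never executed directly, so it can still be cloned.
var base = template.Must(template.New("page").Funcs(placeholders).Parse(page))

// parseWithoutPlaceholders shows why the FuncMap must exist before parsing.
func parseWithoutPlaceholders() error {
	_, err := template.New("page").Parse(page)
	return err
}

// render binds the per-request values and executes a private clone (hypothetical helper).
func render(xsrfToken, cspNonce string) (string, error) {
	t, err := base.Clone()
	if err != nil {
		return "", err
	}
	t.Funcs(template.FuncMap{
		"XSRFToken": func() string { return xsrfToken },
		"CSPNonce":  func() string { return cspNonce },
	})
	var buf bytes.Buffer
	if err := t.Execute(&buf, nil); err != nil {
		return "", err
	}
	return buf.String(), nil
}

func main() {
	fmt.Println(parseWithoutPlaceholders()) // parse error: function not defined
	out, err := render("constructed-token", "constructed-nonce")
	fmt.Println(out, err)
}
```

The function results still pass through the template engine's contextual escaping, so a token value containing markup is rendered inert inside the attribute.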