NelmioSecurityBundle

Trusted types

Open henrym2 opened this issue 3 years ago • 0 comments

Linked to issue #233

This PR extends the current CSP configuration within the Nelmio Security bundle to include the new Trusted-Types policy headers:

  • trusted-types: <POLICY NAMES>
  • require-trusted-types-for: <DOM-SINK>

These directives interface with the new trusted types feature, with the hopes of reducing DOM-based XSS sinks. They instruct user agents to restrict usage of known DOM XSS sinks to a predefined set of functions or Policies. Resources linked at the end of this description describe the spec for trusted types and their benefits.

henrym2, Aug 12 '20 15:08
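Added example, not part of the PR or of NelmioSecurityBundle's code: one way to serialize the two directives described above into a `Content-Security-Policy` value while validating policy names against the Trusted Types grammar, so a configured name cannot smuggle extra directives into the header. The function names and the sample policy names are hypothetical.

```javascript
// Added illustration; function and policy names are assumptions, not the bundle's API.
// Policy-name grammar from the W3C Trusted Types draft:
//   tt-policy-name = 1*( ALPHA / DIGIT / "-" / "#" / "=" / "_" / "/" / "@" / "." / "%" )
const POLICY_NAME = /^[A-Za-z0-9\-#=_\/@.%]+$/;

// The draft defines a single sink group, 'script'.
const REQUIRE_FOR = "require-trusted-types-for 'script'";

function trustedTypesDirective(policyNames, { allowDuplicates = false } = {}) {
  if (policyNames.length === 0) {
    // 'none' forbids creating any Trusted Types policy at all.
    return "trusted-types 'none'";
  }
  const parts = [];
  for (const name of policyNames) {
    // "*" permits any policy name, which defeats the allowlist,
    // so this builder refuses it instead of passing it through.
    if (name === '*') {
      throw new Error('wildcard policy name is not accepted by this builder');
    }
    // Whitespace, ";" or "," in a name would end the directive early and
    // let configuration data inject further CSP directives.
    if (!POLICY_NAME.test(name)) {
      throw new Error(`invalid policy name: ${JSON.stringify(name)}`);
    }
    if (parts.includes(name)) {
      throw new Error(`policy name listed twice: ${name}`);
    }
    parts.push(name);
  }
  // 'allow-duplicates' lets a page call createPolicy() more than once
  // with the same name; leave it off unless the application needs it.
  if (allowDuplicates) parts.push("'allow-duplicates'");
  return `trusted-types ${parts.join(' ')}`;
}

function buildCspHeader(policyNames, options) {
  return [REQUIRE_FOR, trustedTypesDirective(policyNames, options)].join('; ');
}
```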