feat(buildCSPHeaders): allow merging of default directives

Open sambauers opened this issue 2 years ago • 1 comments

Allow the setting of contentSecurityPolicy.mergeDefaultDirectives which allows CSP directives defined in config to be additive to the default directives defined in next-safe.

Also allow interpretation of string directives, e.g. "'self' data:" and split these in order to merge and de-duplicate against defaults.

In addition, deal with the possibility of duplicates when merging in development default CSP directives.

Update documentation to convey new option and usage.

sambauers avatar Apr 14 '22 01:04 sambauers
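
The merge behaviour this description proposes (string directives split into sources, appended to the defaults, duplicates dropped) can be sketched as follows. This is an added example, not code from the PR or from next-safe: `DEFAULTS` is a constructed sample policy, and `toSources`, `buildDirectives` and `toHeader` are hypothetical helpers, with the `merge` flag standing in for `contentSecurityPolicy.mergeDefaultDirectives`.

```javascript
// Added illustration; not next-safe's implementation.
// DEFAULTS is a constructed sample, not the library's real default policy.
const DEFAULTS = {
  "default-src": ["'self'"],
  "img-src": ["'self'"],
  "script-src": ["'self'"],
};

// Accept "'self' data:" or ["'self'", "data:"] and return a flat source list.
function toSources(value) {
  if (value === undefined || value === null || value === false) return [];
  return (Array.isArray(value) ? value : [value])
    .flatMap((s) => String(s).split(/\s+/))
    .filter(Boolean);
}

// merge=false: a configured directive replaces the default wholesale.
// merge=true: configured sources are appended to the default and de-duplicated.
function buildDirectives(config, merge, defaults = DEFAULTS) {
  const out = {};
  for (const [name, value] of Object.entries(defaults)) {
    out[name] = toSources(value);
  }
  for (const [name, value] of Object.entries(config)) {
    const base = merge ? out[name] || [] : [];
    out[name] = [...new Set([...base, ...toSources(value)])];
  }
  return out;
}

// Serialize to a header value; directives left with no sources are skipped.
function toHeader(directives) {
  return Object.entries(directives)
    .filter(([, sources]) => sources.length > 0)
    .map(([name, sources]) => `${name} ${sources.join(" ")}`)
    .join("; ");
}

// Constructed config: one string directive, one array directive.
const sampleConfig = {
  "img-src": "'self' data:",
  "script-src": ["https://cdn.example"],
};
console.log("override:", toHeader(buildDirectives(sampleConfig, false)));
console.log("merge:   ", toHeader(buildDirectives(sampleConfig, true)));
```

In this sketch, merging can only widen a directive relative to the defaults; tightening one (for example dropping `'self'` from `script-src`) still needs the override path.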

This is a feature request presented as a PR. Happy to work through any changes or preferences around how this should be implemented, or if you don't want to enable this then that's OK too.

I simply found it kind of annoying that as soon as I wanted to add another script or style source, I had to specify the defaults again.

Provided as an "opt-in" setting in this implementation as it could have unexpected consequences for people's existing configs.

sambauers avatar Apr 14 '22 01:04 sambauers

:tada: This PR is included in version 3.3.0 :tada:

The release is available on:

Your semantic-release bot :package::rocket:

github-actions[bot] avatar Dec 04 '22 03:12 github-actions[bot]