Clarify interaction between unsafe-eval and TrustedScript.

[mikesamuel]

@lweichselbaum @koto

Per https://twitter.com/we1x/status/1113340867409076224 since TT with eval/Function guards provides similar protection to CSP without unsafe eval, maybe it's worth clarifying how an application might provide degraded service when TT is not available but take advantage of TT where it is.

---

Should a CSP policy without unsafe-eval prevent eval(myTrustedScriptValue)?

I'm leaning no since unsafe-eval in a CSP header can't be contingent on trusted-types being supported.

---

If unsafe-eval is present, does trusted-types guard eval(x)/Function(x)/import(...) at all?

---

Similarly for wasm-unsafe-eval?