fix: csp nonce in script-src-elem, style-src-attr and style-src-elem when using unsafe-inline

[MathiasWP]

same implementation as #11575 for script-src-elem, style-src-attr and style-src-elem.

i also refactored the CSP code to make it less hairy

---

Please don't delete this checklist! Before submitting the PR, please make sure you do the following:

• It's really useful if your PR references an issue where it is discussed ahead of time. In many cases, features are absent for a reason. For large changes, please create an RFC: https://github.com/sveltejs/rfcs
• This message body should clearly illustrate what problems it solves.
• Ideally, include a test that fails without this PR but passes with it.

Tests

• Run the tests with pnpm test and lint the project with pnpm lint and pnpm check

Changesets

• If your PR makes a change that should be noted in one or more packages' changelogs, generate a changeset by running pnpm changeset and following the prompts. Changesets that add features should be minor and those that fix bugs should be patch. Please prefix changeset messages with feat:, fix:, or chore:.

Edits

• Please ensure that 'Allow edits from maintainers' is checked. PRs without this option may be closed.

[changeset-bot]

🦋 Changeset detected

Latest commit: 8be42e1

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package

Name	Type
@sveltejs/kit	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[MathiasWP]

Not sure why the tests fail, they work fine locally on my computer:

pnpm run --dir packages/kit test:cross-platform:dev:

the specific test that fails in the CI:

[eltigerchino]

Just merged main in and re-ran the tests. They're passing now 👍🏼

[Rich-Harris]

preview: https://svelte-dev-git-preview-kit-11613-svelte.vercel.app/

this is an automated message

[eltigerchino]

Thank you!