Better CSP support

[Chenalejandro]

Currently, to make components work with csp, we need to add a lot of hosts (for example: https://http2.mlstatic.com https://*.mercadopago.com, https://*.mercadolibre.com), in some cases even needing to add 'unsafe-inline' to the script-src.

The better way is to have a nonce prop, so the sdk can pass the nonce to the scripts.

[AleFossati]

Hello @Chenalejandro.

From my understanding, your suggestion is that the sdk should add policies for all sources consumed by the project, is that right?
Can you elaborate a bit more and show us which problems you are having right now?

Thanks.