Implement CSP check for Trusted Types (#36363)

The algorithm [1] is implemented in the content-security-policy
package.

Requires
https://github.com/rust-ammonia/rust-content-security-policy/pull/56
This is part of #36258

[1]:
https://w3c.github.io/trusted-types/dist/spec/#abstract-opdef-should-trusted-type-policy-creation-be-blocked-by-content-security-policy

Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>

components/script/dom/trustedtypepolicyfactory.rs

@@ -3,6 +3,7 @@
  * file, You can obtain one at https://mozilla.org/MPL/2.0/. */
 use std::cell::RefCell;
 
+use content_security_policy::CheckResult;
 use dom_struct::dom_struct;
 use html5ever::{LocalName, Namespace, QualName, local_name, namespace_url, ns};
 use js::rust::HandleValue;
@@ -52,13 +53,21 @@ impl TrustedTypePolicyFactory {
         global: &GlobalScope,
         can_gc: CanGc,
     ) -> Fallible<DomRoot<TrustedTypePolicy>> {
-        // TODO(36258): implement proper CSP check
         // Step 1: Let allowedByCSP be the result of executing Should Trusted Type policy creation be blocked by
         // Content Security Policy? algorithm with global, policyName and factory’s created policy names value.
-        let allowed_by_csp = true;
+        let (allowed_by_csp, violations) = if let Some(csp_list) = global.get_csp_list() {
+            csp_list.is_trusted_type_policy_creation_allowed(
+                policy_name.clone(),
+                self.policy_names.borrow().clone(),
+            )
+        } else {
+            (CheckResult::Allowed, Vec::new())
+        };
+
+        global.report_csp_violations(violations);
 
         // Step 2: If allowedByCSP is "Blocked", throw a TypeError and abort further steps.
-        if !allowed_by_csp {
+        if allowed_by_csp == CheckResult::Blocked {
             return Err(Error::Type("Not allowed by CSP".to_string()));
         }