Add simple implementation of content-security-policy on scripts / styles

This needs a lot more hooks before it'll actually be a good
implementation, but for a start it can help get some feedback on if this
is the right way to go about it.

Part of servo/servo#4577

components/script/Cargo.toml

@@ -38,6 +38,7 @@ bitflags = "1.0"
 bluetooth_traits = {path = "../bluetooth_traits"}
 canvas_traits = {path = "../canvas_traits"}
 caseless = "0.2"
+content-security-policy = {version = "0.3.0", features = ["serde"]}
 cookie = "0.11"
 chrono = "0.4"
 crossbeam-channel = "0.3"