Conversation

@gchatz22 gchatz22 commented Aug 12, 2020

Hello ASP.NET Devs!

This PR adds Content Security Policy support for ASP.NET as a middleware, a very popular security mitigation against XSS and other injection vulnerabilities. CSP comes in many flavours, but we've chosen to add support for the most robust of them: nonce-based, strict-dynamic CSP.

Summary of the changes (Less than 80 chars)

  • Allow configuration of whether CSP is enabled in reporting or enforcement mode.
  • Allows configuration of a report URI, for violation reports sent by the browser.
  • CSP middleware generates a nonce-based, strict-dynamic policy.
  • Middleware adds the policy to HTTP responses according to the configuration.
  • Custom <script> TagHelper to set nonce attribute on script blocks automatically.
  • Provides a default implementation of a CSP violation report collection endpoint.
  • Example app that uses our CSP middleware and corresponding basic unit tests.

With these tools, developers can enable CSP in reporting mode, collect reports and identify and refactor existing code that is incompatible with CSP from these reports. Finally, developers will be able to switch CSP to enforcing mode, which will provide a very robust defense against XSS.

Addresses #6001 (in this specific format)

Co-authored-by: Aaron Shim - aaronshim@google.com
Co-authored-by: Santiago Diaz - salchoman@gmail.com
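The description above outlines three pieces: a middleware that mints a per-response nonce and emits a strict-dynamic policy in either report-only or enforcing mode, a `<script>` TagHelper that stamps that nonce onto rendered script tags, and a report URI the browser posts violations to. The following is an added example sketching those pieces for ASP.NET Core; it is not the code from this PR, and the names `CspOptions`, `CspMiddleware`, `NonceScriptTagHelper` and `UseCsp` are assumptions chosen for illustration.

```csharp
// Added example (not the PR's own code): nonce-based, strict-dynamic CSP
// middleware for ASP.NET Core plus a <script> TagHelper that applies the nonce.
// CspOptions, CspMiddleware, NonceScriptTagHelper and UseCsp are assumed names.
using System;
using System.Security.Cryptography;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc.Rendering;
using Microsoft.AspNetCore.Mvc.ViewFeatures;
using Microsoft.AspNetCore.Razor.TagHelpers;

public sealed class CspOptions
{
    // Start in report-only mode; switch to enforcement once reports are clean.
    public bool ReportOnly { get; set; } = true;
    // Endpoint the browser posts violation reports to (null disables reporting).
    public string? ReportUri { get; set; } = "/csp-report";
}

public sealed class CspMiddleware
{
    public const string NonceKey = "csp-nonce";
    private readonly RequestDelegate _next;
    private readonly CspOptions _options;

    public CspMiddleware(RequestDelegate next, CspOptions options)
    {
        _next = next;
        _options = options;
    }

    // 128 bits from the CSPRNG, base64-encoded. The nonce must be unguessable
    // and fresh for every response, otherwise injected markup could reuse it.
    public static string GenerateNonce()
    {
        var bytes = new byte[16];
        RandomNumberGenerator.Fill(bytes);
        return Convert.ToBase64String(bytes);
    }

    public static string BuildPolicy(string nonce, string? reportUri)
    {
        // 'strict-dynamic' lets nonced scripts load further scripts, and makes
        // browsers that understand nonces ignore the 'unsafe-inline' and https:
        // fallbacks; older browsers fall back to a host allowlist instead.
        var policy =
            $"script-src 'nonce-{nonce}' 'strict-dynamic' 'unsafe-inline' https:; " +
            "object-src 'none'; base-uri 'none'";
        return reportUri is null ? policy : $"{policy}; report-uri {reportUri}";
    }

    public async Task InvokeAsync(HttpContext context)
    {
        var nonce = GenerateNonce();
        context.Items[NonceKey] = nonce; // read by the TagHelper below

        var headerName = _options.ReportOnly
            ? "Content-Security-Policy-Report-Only"
            : "Content-Security-Policy";

        // Set the header just before the response starts so a later handler
        // cannot accidentally drop it while still sharing the same nonce.
        context.Response.OnStarting(() =>
        {
            context.Response.Headers[headerName] = BuildPolicy(nonce, _options.ReportUri);
            return Task.CompletedTask;
        });

        await _next(context);
    }
}

// Adds nonce="..." to every <script> rendered by Razor, so existing views keep
// working under the policy without editing each script block by hand.
[HtmlTargetElement("script")]
public sealed class NonceScriptTagHelper : TagHelper
{
    [ViewContext, HtmlAttributeNotBound]
    public ViewContext ViewContext { get; set; } = default!;

    public override void Process(TagHelperContext context, TagHelperOutput output)
    {
        if (ViewContext.HttpContext.Items[CspMiddleware.NonceKey] is string nonce)
            output.Attributes.SetAttribute("nonce", nonce);
    }
}

public static class CspAppBuilderExtensions
{
    public static IApplicationBuilder UseCsp(this IApplicationBuilder app, CspOptions options) =>
        app.UseMiddleware<CspMiddleware>(options);
}
```

Register it early in the pipeline with `app.UseCsp(new CspOptions { ReportOnly = true, ReportUri = "/csp-report" })` and add `@addTagHelper *, <assembly name>` to `_ViewImports.cshtml` so the TagHelper is picked up. The report endpoint is a plain POST handler that logs the JSON body the browser sends; reviewing those logs is how you find inline handlers and string-to-code sinks that need refactoring before flipping `ReportOnly` to `false`. Keeping `object-src 'none'` and `base-uri 'none'` alongside `script-src` matters because plugin content and `<base>` injection are the usual ways around a script-only policy.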

@salcho salcho left a comment

thank you!

@salcho salcho merged commit fd52908 into csp-post Aug 13, 2020