Add integrity hashes for remote scripts and stylesheets #61

Merged
merged 1 commit into from
Mar 31, 2025

Conversation

jazairi
Contributor

@jazairi jazairi commented Mar 17, 2025

Why these changes are being introduced:

It's good practice to validate checksums for external libraries. We've done this in individual apps, but it makes sense to make the change in the theme gem.

Relevant ticket(s):

How this addresses that need:

This adds integrity, crossorigin, and referrerpolicy attributes for remotely hosted scripts and stylesheets.

Side effects of this change:

I'm not totally sure how to exhaustively test these changes. I've confirmed that the scripts/stylesheets load as expected, and checked the changes locally in a few of our apps. That feels like enough, but just signaling the uncertainty here in case the reviewer has additional insight.

Developer

  • All new ENV is documented in README
  • All new ENV has been added to Heroku Pipeline, Staging and Prod
  • ANDI or Wave has been run in accordance to
    our guide and
    all issues introduced by these changes have been resolved or opened as new
    issues (link to those issues in the Pull Request details above)
  • Stakeholder approval has been confirmed (or is not needed)

Code Reviewer

  • The commit message is clear and follows our guidelines
    (not just this pull request message)
  • There are appropriate tests covering any new functionality
  • The documentation has been updated or is unnecessary
  • The changes have been verified
  • New dependencies are appropriate or there were no changes

Requires database migrations?

NO

Includes new or updated dependencies?

NO

Why these changes are being introduced:

It's good practice to validate checksums for external libraries.
We've done this in individual apps, but it makes sense to make
the change in the theme gem.

Relevant ticket(s):

* [ENGX-290](https://mitlibraries.atlassian.net/browse/ENGX-290)

How this addresses that need:

This adds `integrity`, `crossorigin`, and `referrerpolicy`
attributes for remotely hosted scripts and stylesheets.

Side effects of this change:

I'm not totally sure how to exhaustively test these changes. I've
confirmed that the scripts/stylesheets load as expected, and
checked the changes locally in a few of our apps. That feels like
enough, but just signaling the uncertainty here in case the
reviewer has additional insight.
@coveralls

Pull Request Test Coverage Report for Build 13910011954

Details

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 88.372%

Totals Coverage Status
Change from base Build 8440026403: 0.0%
Covered Lines: 38
Relevant Lines: 43

💛 - Coveralls

Member

@JPrevost JPrevost left a comment

Doh, I missed this PR. Sorry for the delay!

@jazairi
Contributor Author

jazairi commented Mar 31, 2025

No worries, thanks for the review!

@jazairi jazairi merged commit f1b5f63 into main Mar 31, 2025
2 checks passed
@jazairi jazairi deleted the add-integrity-hashes branch March 31, 2025 15:15
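
One way to test the attributes this pull request describes, as an added example that is not code from the pull request or the theme gem: a Ruby check that finds remotely hosted scripts and stylesheets in a layout, reports any that lack `integrity`, `crossorigin` or `referrerpolicy`, and recomputes the integrity hash against the file contents. The URLs, file contents, attribute values (`anonymous`, `no-referrer`) and the `bodies` map standing in for an HTTP fetch are assumptions made for the example.

```ruby
require "digest"
require "base64"

ALGOS = { "sha256" => Digest::SHA256, "sha384" => Digest::SHA384, "sha512" => Digest::SHA512 }.freeze

# SRI value for a resource body: "<algo>-<base64 of the raw digest>".
def sri_hash(body, algo = "sha384")
  "#{algo}-#{Base64.strict_encode64(ALGOS.fetch(algo).digest(body))}"
end

# True if the integrity value matches the body. As in browsers, only the
# strongest algorithm listed is considered, and any one of its hashes may match.
def integrity_ok?(integrity, body)
  tokens = integrity.split.select { |t| ALGOS.key?(t[/\A[^-]+/]) }
  return false if tokens.empty?
  strongest = tokens.map { |t| t[/\A[^-]+/] }.max_by { |a| ALGOS.keys.index(a) }
  tokens.any? { |t| t.sub(/\?.*/, "") == sri_hash(body, strongest) }
end

# Audit every remotely hosted <script src> and <link rel="stylesheet" href> in
# html. `bodies` maps URL => bytes and stands in for an HTTP fetch so the check
# runs offline. Assumes attribute values are double-quoted.
def audit_sri(html, bodies)
  html.scan(/<(?:script|link)\b[^>]*>/i).flat_map do |tag|
    attrs = tag.scan(/([\w-]+)\s*=\s*"([^"]*)"/).to_h
    url = attrs["src"] || attrs["href"]
    next [] unless url&.match?(%r{\A(?:https?:)?//})   # skip local assets
    next [] if tag.match?(/\A<link/i) && attrs["rel"] != "stylesheet"
    missing = %w[integrity crossorigin referrerpolicy].reject { |a| attrs.key?(a) }
    issues = missing.map { |a| "#{url}: missing #{a}" }
    if attrs["integrity"] && bodies.key?(url) && !integrity_ok?(attrs["integrity"], bodies[url])
      issues << "#{url}: integrity mismatch"
    end
    issues
  end
end

# Constructed sample: URLs and file contents are made up for this example.
JS_URL  = "https://cdn.example.org/lib.js"
CSS_URL = "https://cdn.example.org/theme.css"
BODIES  = { JS_URL => "console.log('lib');", CSS_URL => "body{margin:0}" }.freeze
LAYOUT  = <<~HTML
  <script src="#{JS_URL}" integrity="#{sri_hash(BODIES[JS_URL])}" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
  <link rel="stylesheet" href="#{CSS_URL}" integrity="#{sri_hash(BODIES[CSS_URL], "sha512")}" crossorigin="anonymous">
  <script src="/assets/application.js"></script>
HTML
puts audit_sri(LAYOUT, BODIES)
```

Run against a rendered layout in a test suite, the mismatch branch also catches a pinned hash that was not updated when the remote file's version changed.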