expose `getNonce()` in plugins

[Jabolol]

This would allow to create custom Content-Security-Policy headers on the fly inside plugins.

Relevant discussion here

[bartlomieju]

Being addressed by PR #3709 which:

• Auto-injects nonce onto inline <script> and <style> tags during SSR
• Exposes the render nonce via X-Fresh-Nonce response header
• Adds useNonce option to the CSP middleware that replaces 'unsafe-inline' with 'nonce-{value}'

While the original request was about a getNonce() function in plugins (Fresh 1.x concept), the Fresh 2.x approach in #3709 achieves the same goal via the CSP middleware + response header, which is accessible to any middleware in the chain.