Refactors, Features, and some small Breaking Changes

Breaking Changes:

• disableCspPlugin in HtmlWebpackPlugin options has been removed, and replaced by cspPlugin.enabled to be more inline with the enabled flag on the CspHtmlWebpackPlugin
• Disabling the plugin in any way will now not touch the original HTML. Previously we were attempting to look for an empty CSP policy meta tag and remove that, but this will no longer be done.

New Features:

• Policies can now be defined in the HtmlWebpackPlugin instance via cspPlugin.policy to allow individual policies to be created per HtmlWebpackPlugin
• Nonce attrs will now be added onto externally loaded scripts
• If no csp meta tag is defined, one will be added as the very first tag in the head of the document.
• strict-dynamic is now backwards compatible with CSP2 by ensuring it's the last defined source in a particular policy
• Basic policy validations are now in place to ensure that all static sources are properly quoted