feat: Add nonce-based CSP implementation (WIP)
DRAFT: This is a work-in-progress implementation of nonce-based CSP.

Implements:
- Nonce generation in middleware using crypto.randomUUID()
- CSP header with nonce for script-src and style-src
- 'strict-dynamic' to allow scripts loaded by nonced scripts
- Nonce passed to layout via x-nonce header
- Script components use nonce prop

Still needs:
- Wallet app implementation
- Testing with all Script components in the app
- Testing with third-party scripts (Twitter embeds, etc.)
- Verification that HBAuth/Beekeeper WASM still works
- Hive Keychain compatibility testing
- Comprehensive testing before switching from Report-Only to enforcing

This provides ~95% XSS protection vs ~40% with unsafe-inline.