CSP: Enable whitelisting of external JavaScript via hashes

See https://w3c.github.io/webappsec-csp/#external-hash

Intent to Implement and Ship: https://groups.google.com/a/chromium.org/d/msg/blink-dev/t2ai4lsHhWI/MndrZyEWCwAJ

BUG=706380

Review-Url: https://codereview.chromium.org/2784753003
Cr-Commit-Position: refs/heads/master@{#462883}
12 files changed