feat: add possibility for security SRI/integrity attribute #6132

Open
3 tasks done
danyball opened this issue Jan 30, 2025 · 1 comment

@danyball

Prerequisites

Describe the Feature Request

If providing stencil component files via a CDN, it's recommended to load them with an integrity attribute: https://www.w3schools.com/tags/att_script_integrity.asp

This is easily possible for stencil's loader file. But this file loads other scripts without the possibility of adding an integrity hash.

Describe the Use Case

A big design system is providing stencil components via a CDN and consumers wanted to use this security technique.

Describe Preferred Solution

  • consumer just needs to add the SRI "manually" to the loader file request (consumer knows the hash)
  • loading of all other files could be extended by the hashes of each file by stencil internal loading logic
  • those hashes could be generated at build time and baked into the loader file (because the browser can trust the value of the loader file)

Describe Alternatives

There are a lot of alternatives. Maybe the consumer can create the hashes of loaded files itself and provide them to the stencil loader.

Related Code

No response

Additional Information

No response

@ionitron-bot ionitron-bot bot added the triage label Jan 30, 2025
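
The build-time approach from the preferred solution above, as an added example (not Stencil code and not written by either participant): hash every lazily loaded file during the build, bake the map into the loader, and have the loader set `integrity` and `crossorigin` on each script it injects. The function names, chunk names, contents and CDN URL are hypothetical.

```javascript
// Added example, not Stencil code. File names and contents are constructed.
const { createHash } = require('node:crypto');

const RANK = { sha256: 1, sha384: 2, sha512: 3 }; // algorithms SRI defines

// Build step: SRI value ("<algo>-<base64 digest>") for one file's bytes.
function sriFor(bytes, algo = 'sha384') {
  return `${algo}-${createHash(algo).update(bytes).digest('base64')}`;
}

// Build step: map each lazily loaded file to its SRI value. Baked into the
// loader, this map is covered by the hash the consumer puts on the loader tag.
function buildIntegrityManifest(files) {
  return Object.fromEntries(
    Object.entries(files).map(([name, bytes]) => [name, sriFor(bytes)]));
}

// Load step: attributes the loader would set on the <script> it injects.
// Cross-origin (CDN) scripts need crossorigin, or the integrity check fails.
function scriptAttrs(manifest, baseUrl, name) {
  if (!Object.hasOwn(manifest, name)) throw new Error(`no integrity entry for ${name}`);
  return { src: new URL(name, baseUrl).href, integrity: manifest[name], crossorigin: 'anonymous' };
}

// The comparison a browser makes: keep the strongest listed algorithm and
// accept if any digest of that algorithm matches. Unlike a browser, this
// returns false (fails closed) when no usable hash is listed.
function verifyIntegrity(bytes, integrity) {
  const hashes = String(integrity).trim().split(/\s+/)
    .map((tok) => tok.split('?')[0].match(/^(sha(?:256|384|512))-(.+)$/))
    .filter(Boolean)
    .map(([, algo, digest]) => ({ algo, digest }));
  if (hashes.length === 0) return false;
  const best = Math.max(...hashes.map((h) => RANK[h.algo]));
  return hashes
    .filter((h) => RANK[h.algo] === best)
    .some((h) => sriFor(bytes, h.algo) === `${h.algo}-${h.digest}`);
}

// Constructed sample: two chunks as they left the build.
const files = {
  'p-1a2b3c.entry.js': Buffer.from('export const tag = "my-button";'),
  'p-4d5e6f.js': Buffer.from('export const h = () => {};'),
};
const manifest = buildIntegrityManifest(files);
```

A weaker hash listed next to a stronger one is ignored, so a correct `sha256` value does not rescue a wrong `sha384` value.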
@christian-bromann
Member

@danyball thanks for raising the issue. I think this is a great idea and could simplify the process to deliver components to end users. Any contributions to the compiler would be much appreciated.
