fix(security): add missing CSP nonce to theme_editor.php and make inline style conditional

- Add CSP nonce to script tag in theme_editor.php (Issue #459)
- Make inline style attribute on headline conditional based on outputowncss setting (Issue #458)
- Inline style is now only output when custom CSS is not enabled
- Aligns with behavior of style block which is also conditional

Author: skerbis

fragments/ConsentManager/box.php

@@ -77,7 +77,7 @@
             <?php endif; ?>
             <div class="consent_manager-wrapper" id="consent_manager-wrapper" tabindex="-1" role="dialog" aria-modal="true" aria-labelledby="consent_manager-headline">
                 <div class="consent_manager-header">
-                    <p class="consent_manager-headline" id="consent_manager-headline" style="margin:0; font-weight:bold; color: inherit;"><?= $consent_manager->texts['headline'] ?></p>
+                    <p class="consent_manager-headline" id="consent_manager-headline"<?php if ('' === $cssFrameworkMode && false === $addon->getConfig('outputowncss', false)) : ?> style="margin:0; font-weight:bold; color: inherit;"<?php endif; ?>><?= $consent_manager->texts['headline'] ?></p>
                     <button class="consent_manager-close" aria-label="Close" type="button">×</button>
                 </div>
                 <div class="consent_manager-wrapper-inner">

fragments/ConsentManager/theme_editor.php

@@ -589,7 +589,7 @@ class="btn <?= $themeBase === $key ? 'btn-primary' : 'btn-default' ?>">
 }
 </style>
 
-<script>
+<script nonce="<?= rex_response::getNonce() ?>">
 (function() {
     'use strict';