Currently we generate our nonce with a completely random value each time:

```ruby
config.content_security_policy_nonce_generator = ->(_request) { SecureRandom.base64(16) }
```

However, Rails 8 uses the `request.session.id`:

```ruby
config.content_security_policy_nonce_generator = ->(request) { request.session.id.to_s }
```

I believe technically this could mean more reuse in the generator, as the session id is presumably reused across all requests for the particular session, but I'm not sure if that actually matters (nor if it means that the actual nonce will be the same for all requests), and it might be nicer if we're aligned with the Rails default for future upgrades.
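The following is an added illustration of the difference between the two generators, not code from the project or from Rails. It stands in for `request.session.id` with a constructed struct (assumed to behave like Rails, where `session.id.to_s` yields a hex string that is stable for the life of the session) and runs both lambdas over several simulated requests: the random generator yields a fresh nonce per response, the session-based one yields the same nonce for every response in the session, so any page that leaks one nonce exposes the value for all later responses in that session. The `valid_csp_nonce?` helper is an assumption-free check against the CSP `base64-value` grammar and also flags an empty nonce, which is what `nil.to_s` would give if a session id were ever absent when the header is built.

```ruby
require "securerandom"

# Minimal stand-ins for the Rails request/session objects a nonce generator
# receives (constructed for this example; assumes session.id.to_s is a stable
# per-session hex string, as in Rails).
FakeSession = Struct.new(:id)
FakeRequest = Struct.new(:session)

# The two generators under discussion, as the lambdas Rails would call.
PER_REQUEST_NONCE = ->(_request) { SecureRandom.base64(16) }
PER_SESSION_NONCE = ->(request) { request.session.id.to_s }

# Build a script-src directive value with a nonce source, as CSP expects it.
def csp_header(nonce)
  "script-src 'self' 'nonce-#{nonce}'"
end

# Simulate `count` responses within a single session and collect the nonces.
def nonces_for_session(generator, session_id, count)
  request = FakeRequest.new(FakeSession.new(session_id))
  Array.new(count) { generator.call(request) }
end

# Number of distinct nonces emitted across a sequence of responses.
def distinct_nonce_count(nonces)
  nonces.uniq.size
end

# CSP base64-value grammar: A-Z a-z 0-9 + / - _ with up to two '=' of padding.
CSP_NONCE_RE = /\A[A-Za-z0-9+\/\-_]+={0,2}\z/

# A nonce is usable only if it is non-empty and matches the grammar;
# an empty string (nil.to_s) would produce the meaningless 'nonce-' source.
def valid_csp_nonce?(nonce)
  !nonce.empty? && CSP_NONCE_RE.match?(nonce)
end

if __FILE__ == $PROGRAM_NAME
  sid = SecureRandom.hex(16) # constructed: a Rails-style 32-char hex session id
  per_req  = nonces_for_session(PER_REQUEST_NONCE, sid, 5)
  per_sess = nonces_for_session(PER_SESSION_NONCE, sid, 5)
  puts "random generator:  #{distinct_nonce_count(per_req)} distinct nonces in 5 responses"
  puts "session generator: #{distinct_nonce_count(per_sess)} distinct nonces in 5 responses"
  puts csp_header(per_sess.first)
  puts "empty session id gives a valid nonce? #{valid_csp_nonce?(PER_SESSION_NONCE.call(FakeRequest.new(FakeSession.new(nil))))}"
end
```

Run it as a script to see the two counts side by side; the per-session count stays at 1 however many responses are simulated, which is the reuse the issue describes.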