@jjallaire
Collaborator

This PR replaces the use of cdnjs.cloudflare.com and unpkg.com with cdn.jsdelivr.net for Jupyter widgets. The motivation is to bring more uniformity to JS CDNs for people defining content security policies for Quarto websites. Since we already use jsdelivr for MathJax, KaTeX, and Algolia, this brings Jupyter Widgets in line with those uses.

@posit-snyk-bot
Collaborator

posit-snyk-bot commented Jul 2, 2025

🎉 Snyk checks have passed. No issues have been found so far.

security/snyk check is complete. No issues have been found. (View Details)

license/snyk check is complete. No issues have been found. (View Details)

@cscheid
Collaborator

cscheid commented Jul 2, 2025

I like this, and we should make a note on the changelog.

I think we should inventory the locations we potentially grab content from as well.

@cscheid
Collaborator

cscheid commented Jul 2, 2025

After a full review of quarto-cli, this is what I found:

  • If google analytics support is enabled, src/project/types/website/website-analytics.ts:
    • www.googletagmanager.com
    • www.google-analytics.com
  • If webtex is chosen to be the default math method, src/command/render/pandoc.ts:
    • latex.codecogs.com
  • If revealjs multiplex is enabled: src/format/reveal/format-reveal-multiplex.ts (we will definitely need to fix this one, because glitch is going away)
    • reveal-multiplex.glitch.me
  • For a number of revealjs and bootswatch themes:
    • fonts.googleapis.com
  • Our internal debugging tools:
    • esm.sh
    • cdn.skypack.dev
  • giscus support:
    • giscus.app
  • placeholder shortcode:
    • svg2png.deno.dev
  • video shortcode:
    • www.youtube.com
    • youtu.be
    • www.youtube-nocookie.com
    • players.brightcove.net
    • vimeo.com
  • OJS support:
    • cdn.observableusercontent.com (when importing from OJS notebooks)
    • unpkg.com
    • cdn.jsdelivr.net
    • static.observableusercontent.com
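
Added example, not part of the original thread and not quarto-cli code: one way to use the inventory above when writing a content security policy is to audit rendered HTML for external hosts that the enabled features do not account for. The feature keys, the `site.invalid` origin and the sample HTML are assumptions made for illustration; the host names are copied from the comment above.

```javascript
// Added example, not quarto-cli code. Feature keys are hypothetical labels;
// hosts are copied from the inventory in this thread.
const INVENTORY = {
  analytics: ["www.googletagmanager.com", "www.google-analytics.com"],
  webtex: ["latex.codecogs.com"],
  multiplex: ["reveal-multiplex.glitch.me"],
  themes: ["fonts.googleapis.com"],
  debug: ["esm.sh", "cdn.skypack.dev"],
  giscus: ["giscus.app"],
  placeholder: ["svg2png.deno.dev"],
  video: ["www.youtube.com", "youtu.be", "www.youtube-nocookie.com",
          "players.brightcove.net", "vimeo.com"],
  ojs: ["cdn.observableusercontent.com", "unpkg.com", "cdn.jsdelivr.net",
        "static.observableusercontent.com"],
};
// Per the PR description: MathJax, KaTeX, Algolia and Jupyter widgets.
const BASELINE = ["cdn.jsdelivr.net"];

// Tags that load a resource; <a href> is navigation and is skipped.
// Regex matching approximates HTML parsing, which is enough for an audit.
const RESOURCE_ATTR =
  /<(?:script|link|img|iframe)\b[^>]*?\s(?:src|href)\s*=\s*["']([^"']+)["']/gi;

function allowedHosts(features) {
  return new Set([...BASELINE, ...features.flatMap((f) => INVENTORY[f] ?? [])]);
}

function externalHosts(html, siteOrigin = "https://site.invalid") {
  const own = new URL(siteOrigin).origin;
  const hosts = new Set();
  for (const [, value] of html.matchAll(RESOURCE_ATTR)) {
    let url;
    try { url = new URL(value, siteOrigin); } catch { continue; }
    if (!/^https?:$/.test(url.protocol)) continue; // data:, blob:, ...
    if (url.origin !== own) hosts.add(url.hostname);
  }
  return hosts;
}

// Hosts the page loads from that the enabled features do not account for.
function audit(html, features) {
  const allowed = allowedHosts(features);
  return [...externalHosts(html)].filter((h) => !allowed.has(h)).sort();
}

// Constructed sample of rendered output (paths are placeholders).
const SAMPLE_HTML = `
<script src="https://cdn.jsdelivr.net/npm/example-widget/embed.js"></script>
<script src="https://unpkg.com/example-lib/index.js"></script>
<link rel="stylesheet" href="//fonts.googleapis.com/css?family=Example">
<iframe src="https://www.youtube.com/embed/VIDEO_ID"></iframe>
<img src="images/logo.png"><img src="data:image/png;base64,AAAA">`;
console.log(audit(SAMPLE_HTML, ["video"]));
```

Any host the audit reports is either a feature missing from the enabled list or a dependency that the policy would block.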

@cscheid
Collaborator

cscheid commented Jul 2, 2025

Doc PR is up.

@cscheid cscheid merged commit 4e4be86 into main Jul 2, 2025
49 checks passed
@cscheid cscheid deleted the feature/jupyter-widgets-jsdelivr branch July 2, 2025 14:49
cderv added a commit that referenced this pull request Jul 18, 2025
This follows change in #13026 to bring uniformity to cdn used.