Add CSP mapping for 'wasm-unsafe-eval'

The `'wasm-unsafe-eval'` keyword for the Content Security Policy allows the
loading and execution of WebAssembly modules without the need to allow unsafe
JavaScript execution via `'unsafe-eval'`. A mapping is added so that the symbol
`:wasm_unsafe_evel` can be used for this keyword in the policy configuration in
`config/initializers/content_security_policy.rb`.

Author: jrmhaig

actionpack/CHANGELOG.md

@@ -1,2 +1,13 @@
+*   Add `:wasm_unsafe_eval` mapping for `content_security_policy`
+
+    ```ruby
+    # Before
+    policy.script_src "'wasm-unsafe-eval'"
+
+    # After
+    policy.script_src :wasm_unsafe_eval
+    ```
+
+    *Joe Haig*
 
 Please check [7-2-stable](https://github.com/rails/rails/blob/7-2-stable/actionpack/CHANGELOG.md) for previous changes.

actionpack/lib/action_dispatch/http/content_security_policy.rb

@@ -126,6 +126,7 @@ def generate_content_security_policy_nonce
     MAPPINGS = {
       self:             "'self'",
       unsafe_eval:      "'unsafe-eval'",
+      wasm_unsafe_eval: "'wasm-unsafe-eval'",
       unsafe_hashes:    "'unsafe-hashes'",
       unsafe_inline:    "'unsafe-inline'",
       none:             "'none'",

actionpack/test/dispatch/content_security_policy_test.rb

@@ -45,6 +45,9 @@ def test_mappings
     @policy.script_src :unsafe_eval
     assert_equal "script-src 'unsafe-eval'", @policy.build
 
+    @policy.script_src :wasm_unsafe_eval
+    assert_equal "script-src 'wasm-unsafe-eval'", @policy.build
+
     @policy.script_src :none
     assert_equal "script-src 'none'", @policy.build