Revert "FIX: Omit CSP nonce and hash values when unsafe-inline enabled (#25590)" (#25609)

This reverts commit 767b49232e.

If anything else (e.g. GTM integration) introduces a nonce/hash, then this change stops the splash screen JS to fail and makes sites unusable.

lib/content_security_policy/builder.rb

@@ -43,10 +43,6 @@ class ContentSecurityPolicy
 
       @directives.each do |directive, sources|
         if sources.is_a?(Array)
-          if sources.include?("'unsafe-inline'")
-            # Sending nonce- or sha###- values will disable unsafe-inline, so skip them
-            sources = sources.reject { |s| s.start_with?("'nonce-", "'sha") }
-          end
           policy.public_send(directive, *sources)
         else
           policy.public_send(directive, sources)