Embed CSP meta tag and stop using script-src unsafe-inline

src/vector/app.js

@@ -162,14 +162,15 @@ function onTokenLoginCompleted() {
 }
 
 export async function loadApp() {
-    if (window.vector_indexeddb_worker_script === undefined) {
+    const vectorIndexeddbWorkerScript = document.body.dataset.vectorIndexeddbWorkerScript;
+    if (!vectorIndexeddbWorkerScript) {
         // If this is missing, something has probably gone wrong with
         // the bundling. The js-sdk will just fall back to accessing
         // indexeddb directly with no worker script, but we want to
         // make sure the indexeddb script is present, so fail hard.
         throw new Error("Missing indexeddb worker script!");
     }
-    MatrixClientPeg.setIndexedDbWorkerScript(window.vector_indexeddb_worker_script);
+    MatrixClientPeg.setIndexedDbWorkerScript(vectorIndexeddbWorkerScript);
     CallHandler.setConferenceHandler(VectorConferenceHandler);
 
     window.addEventListener('hashchange', onHashChange);