fix(nonce): override user-defined nonce values with Nuxt Image

[GalacticHypernova]

Resolves #586

Types of changes

• Bug fix (a non-breaking change which fixes an issue)
• New feature (a non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)

Description

For users utilizing Nuxt Image (with its option to provide custom nonces), Nuxt Security will override the user-defined nonce to ensure standard-complying, cryptographically secure nonces.

As a side note, it is worth deprecating the nonce property in Nuxt Image regardless due to the security concerns it brings with no proportionate benefit

Checklist:

• My change requires a change to the documentation.
• I have updated the documentation accordingly.
• I have added tests to cover my changes (if not applicable, please state why)

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
security	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Dec 28, 2024 5:36pm

[GalacticHypernova]

I originally thought about making the nonce detection directly within the link regex, but I couldn't find as of this moment a pattern that is not susceptible to a ReDoS (regular expression denial of service) attack. Therefore, I introduced a new regex to compare for each found link.

[vejja]

This one looks ok to me