Add wasm-eval and document that problem around that

[rugk]

Problem

Chrome required unsafe-eval for loading of WebAssembly code. See https://github.com/WebAssembly/content-security-policy/issues/7 and all the linked issues.

Solution

They have now thankfully added a new wasm-eval in https://github.com/w3c/webappsec-csp/pull/293. As it says there, the spec is wrong, reportedly, Chrome/ium 97 accepts wasm-eval while the spec still calls it wasm-unsafe-eval.

More

After all, the issue is so big they draft a whole new spec about that, apparently: https://w3c.github.io/webappsec-csp/