Restore inline icon style implementation, remove style-src nonce for unrestricted inline styles#10114

Merged: aduth merged 4 commits into main from aduth-csp-unrestricted-inline-style on Feb 28, 2024

Conversation

@aduth (Contributor) commented Feb 20, 2024

🛠 Summary of changes

Fixes an issue where the style-src nonce being added to the default content security policy conflicts with instances where unsafe inline stylesheets are expected to be allowed. The presence of the nonce causes inline styles to only work where the nonce is assigned. Removing the nonce allows inline styles in exempted overrides regardless of the presence of the nonce.

This is the fix alternative for #10113, expected to be included with the un-revert. Edit: This reverts #10113, effectively restoring the changes from #10065 and #10098 with the fix described above.

📜 Testing Plan

Verify regression tests pass:

rspec spec/controllers/concerns/idv/acuant_concern_spec.rb spec/controllers/concerns/idv/threat_metrix_concern_spec.rb

Verify that Acuant SDK loads successfully:

  1. Use mobile local development for testing
  2. Go to https://0.0.0.0:3000 (substitute with host for local IdP)
  3. Sign in
  4. Go to https://0.0.0.0:3000/verify (substitute with host for local IdP)
  5. Continue until document capture
  6. Tap front or back image
  7. Verify that Acuant capture shows correctly in center of screen (see Slack reference for what not to see)

Verify no regressions in behavior of Threatmetrix: Must be done in deployed environment.
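The mechanism behind this fix is a CSP rule rather than anything specific to this code base: when a directive's source list contains a nonce- or hash- source, CSP Level 2+ browsers ignore 'unsafe-inline' in that directive, so a page that relies on 'unsafe-inline' for a third-party SDK's injected styles stops working the moment a style-src nonce is also emitted. The Ruby below is an added example, not code from identity-idp; it models that rule over a serialized Content-Security-Policy header with a constructed nonce value, and shows the "conflicting" header beside the "fixed" one where the nonce is dropped for responses that opt into unrestricted inline styles.

```ruby
# Added example (not identity-idp code). Models the CSP behaviour that
# 'unsafe-inline' is disregarded when a nonce- or hash- source is present
# in the same directive, and the corrective step of dropping the nonce.

# Parse a serialized CSP header into { directive_name => [sources] }.
def parse_csp(header)
  header.split(';').each_with_object({}) do |directive, policy|
    name, *sources = directive.strip.split(/\s+/)
    next if name.nil? || name.empty?
    policy[name] = sources
  end
end

# Serialize the directive hash back into a header value.
def serialize_csp(policy)
  policy.map { |name, sources| ([name] + sources).join(' ') }.join('; ')
end

# True when the source list carries a nonce or hash source, which makes
# browsers ignore 'unsafe-inline' for that directive.
def nonce_or_hash?(sources)
  sources.any? { |s| s.match?(/\A'(nonce-|sha(256|384|512)-)/) }
end

# Would an inline <style> or style="" attribute without a nonce be allowed?
def inline_styles_unrestricted?(header)
  sources = parse_csp(header).fetch('style-src', [])
  sources.include?("'unsafe-inline'") && !nonce_or_hash?(sources)
end

# The fix modelled here: for a response that must allow unrestricted inline
# styles, remove nonce sources from style-src so 'unsafe-inline' takes effect.
def drop_style_nonce(header)
  policy = parse_csp(header)
  if policy.key?('style-src')
    policy['style-src'] = policy['style-src'].reject { |s| s.start_with?("'nonce-") }
  end
  serialize_csp(policy)
end

# Constructed sample header; the nonce value is a placeholder, not a real one.
CONFLICTING_HEADER = "default-src 'self'; style-src 'self' 'unsafe-inline' 'nonce-EXAMPLEnonce'"

if __FILE__ == $PROGRAM_NAME
  puts "conflicting: #{CONFLICTING_HEADER}"
  puts "  inline styles allowed? #{inline_styles_unrestricted?(CONFLICTING_HEADER)}"
  fixed = drop_style_nonce(CONFLICTING_HEADER)
  puts "fixed:       #{fixed}"
  puts "  inline styles allowed? #{inline_styles_unrestricted?(fixed)}"
end
```

A useful regression check, in the spirit of the specs this PR adds, is to assert on the emitted header of the exempted responses that style-src contains no 'nonce-' source while it does contain 'unsafe-inline', and that the default policy for all other responses still carries the nonce.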

@aduth aduth requested a review from amirbey February 20, 2024 16:01
@aduth aduth force-pushed the aduth-csp-unrestricted-inline-style branch from f65dcc1 to 94610e5 February 20, 2024 19:21
@aduth aduth marked this pull request as ready for review February 20, 2024 19:25
@aduth (Contributor, Author) commented Feb 20, 2024

Rebased and force-pushed after revert in #10113.

Explanation of commits:

  1. 99442f1: Revert the revert
  2. 2989179: Fix the issue
  3. 94610e5: Add regression specs

@aduth aduth changed the title Remove style-src nonce for unrestricted inline styles Restore inline icon style implementation, remove style-src nonce for unrestricted inline styles Feb 20, 2024
@aduth aduth force-pushed the aduth-csp-unrestricted-inline-style branch from a38ba8b to 80ee772 February 26, 2024 13:16
changelog: Bug Fixes, Content-Security Policy, Fix conflict with style-src nonce for unsafe inline styles
@aduth aduth force-pushed the aduth-csp-unrestricted-inline-style branch from 80ee772 to 8f2b776 February 27, 2024 17:43
@aduth (Contributor, Author) commented Feb 28, 2024

I'll be planning to test this in deployed environments as well after merge, especially since Threatmetrix is difficult to test locally.

@aduth aduth merged commit 88f7900 into main Feb 28, 2024
@aduth aduth deleted the aduth-csp-unrestricted-inline-style branch February 28, 2024 14:06

2 participants