Add subresource integrity for design system initializer script

[aduth]

🛠 Summary of changes

Manually adds subresource integrity hash for a script contained within the design system dependency, with spec coverage to ensure it is kept in sync should the contents of the file change.

Most of our JavaScript is compiled through Webpack, where the subresource integrity hashes are computed as part of the Webpack compilation. This script is loaded directly from the @18f/identity-design-system NPM package, and therefore cannot take advantage of this.

To ensure broad coverage of subresource integrity of all JavaScript assets loaded in critical paths, this manually assigns the integrity value. Test coverage ensures that this value is correct, in case a future update of @18f/identity-design-system changes the content of the script.

Alternative solutions:

• We could create a new "pass-through" Webpack pack, whose sole purpose is to import the initializer script. The mere existence of the Webpack pack would be enough to create the integrity.

📜 Testing Plan

Verify specs pass:

rspec spec/requests/asset_sri_spec.rb

Verify subresource integrity is valid:

1. Go to http://localhost:3000
2. Open browser developer tools
3. Observe no console errors about subresource integrity