Also emit the CSP hash in a meta tag

Sustainsys.Saml2/WebSSO/Saml2PostBinding.cs

@@ -93,6 +93,9 @@ public override CommandResult Bind(ISaml2Message message, ILoggerAdapter logger)
 <!DOCTYPE html PUBLIC ""-//W3C//DTD XHTML 1.1//EN""
 ""http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"">
 <html xmlns=""http://www.w3.org/1999/xhtml"" xml:lang=""en"">
+<head>
+<meta http-equiv=""Content-Security-Policy"" content=""script-src 'sha256-P3ctnFLM5WKMitbWbZPkh7TsbhvCPtdF7mlwMUv2pgc='"">
+</head>
 <body>
 <noscript>
 <p>

Tests/Tests.Shared/WebSSO/Saml2PostBindingTests.cs

@@ -133,6 +133,9 @@ public void Saml2PostBinding_Bind()
 <!DOCTYPE html PUBLIC ""-//W3C//DTD XHTML 1.1//EN""
 ""http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"">
 <html xmlns=""http://www.w3.org/1999/xhtml"" xml:lang=""en"">
+<head>
+<meta http-equiv=""Content-Security-Policy"" content=""script-src 'sha256-P3ctnFLM5WKMitbWbZPkh7TsbhvCPtdF7mlwMUv2pgc='"">
+</head>
 <body>
 <noscript>
 <p>
@@ -181,6 +184,9 @@ public void Saml2PostBinding_Bind_WithRelayState()
 <!DOCTYPE html PUBLIC ""-//W3C//DTD XHTML 1.1//EN""
 ""http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"">
 <html xmlns=""http://www.w3.org/1999/xhtml"" xml:lang=""en"">
+<head>
+<meta http-equiv=""Content-Security-Policy"" content=""script-src 'sha256-P3ctnFLM5WKMitbWbZPkh7TsbhvCPtdF7mlwMUv2pgc='"">
+</head>
 <body>
 <noscript>
 <p>
@@ -235,6 +241,9 @@ public void Saml2PostBinding_Bind_SignsXml()
 <!DOCTYPE html PUBLIC ""-//W3C//DTD XHTML 1.1//EN""
 ""http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"">
 <html xmlns=""http://www.w3.org/1999/xhtml"" xml:lang=""en"">
+<head>
+<meta http-equiv=""Content-Security-Policy"" content=""script-src 'sha256-P3ctnFLM5WKMitbWbZPkh7TsbhvCPtdF7mlwMUv2pgc='"">
+</head>
 <body>
 <noscript>
 <p>