Allow nonce to be configured for vite_react_refresh

[mattt]

Thanks for adding the vite_react_refresh template tag in #53.

My site is configured with a Content Security Policy using django-csp. If I add {% vite_react_refresh %} in my base template and navigate to a page in my browser, the following error is printed to the console:

Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy.

As a workaround, I've replaced vite_react_refresh with a <script> tag that includes the generated nonce, like so:

{% if DEBUG %}
  <script type="module"
          nonce="{{ request.csp_nonce }}">
    import RefreshRuntime from 'http://localhost:5173/@react-refresh'
    RefreshRuntime.injectIntoGlobalHook(window)
    window.$RefreshReg$ = () => {}
    window.$RefreshSig$ = () => (type) => type
    window.__vite_plugin_react_preamble_installed__ = true

  </script>
{% endif %}

It'd be nice to be able to pass the nonce into vite_react_refresh as a parameter.

[Niicck]

This has been added to v3.0.3