Reduce CSP inline style violations in drug stock webviews #5786

Merged
igbanam merged 1 commit into master from cursor/top-5-simple-server-errors-e227
Mar 25, 2026

@igbanam igbanam commented Mar 23, 2026

Story card: SIMPLEBACK-95

Because

style-src-attr and style-src-elem CSP violations are among the highest-volume Sentry errors for Simple Server, with a large concentration on the webview drug stock pages.

This addresses

  • Adds CSP nonce attributes to helper-generated inline assets:
    • inline_stylesheet
    • inline_js
  • Removes inline style="..." attributes from the highest-traffic webview templates:
    • app/views/webview/drug_stocks/new.html.erb
    • app/views/webview/drug_stocks/index.html.erb
  • Adds a CSP nonce to the inline script in webview/drug_stocks/new.
  • Removes inline style attributes from SVG assets used on that flow:
    • app/assets/images/chevron-left.svg
    • app/assets/images/check-mark-small.svg

Test instructions

  1. Open the drug stock webview pages:
    • /webview/drug_stocks/new
    • /webview/drug_stocks
  2. Verify both pages render correctly (buttons, footer spacing, icons).
  3. Inspect page source/DOM and confirm there are no inline style="..." attributes on the modified elements.
  4. Confirm helper-generated inline <style> / <script> tags include a nonce attribute.
  5. Monitor Sentry issues SIMPLE-SERVER-1RQ and SIMPLE-SERVER-1RR after deploy for a drop in new events.

Co-authored-by: Igbanam <igbanam@users.noreply.github.com>
@igbanam igbanam marked this pull request as ready for review March 23, 2026 11:16
@igbanam igbanam requested a review from a team March 23, 2026 11:16
@igbanam igbanam self-assigned this Mar 23, 2026
@igbanam igbanam merged commit 68d7cd7 into master Mar 25, 2026
1 check passed
@igbanam igbanam deleted the cursor/top-5-simple-server-errors-e227 branch March 25, 2026 08:14
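
Test instructions 3 and 4 above can be automated. The following is an added Ruby example, not part of this PR or the Simple Server code base: it scans rendered HTML for inline `style` attributes and for inline `<style>`/`<script>` tags whose nonce is missing or differs from the one in the response header. The method names, the regex-based scan and the sample markup are assumptions made for illustration.

```ruby
# Added example, not code from the PR; the sample markup is constructed.
SAMPLE_HTML = <<~HTML
  <style nonce="r4nd0m">.footer { margin-top: 16px; }</style>
  <style>.btn { color: red; }</style>
  <div class="footer" style="margin-top: 16px">
    <svg viewBox="0 0 24 24"><path style="fill:#fff" d="M0 0h24v24H0z"/></svg>
  </div>
  <script nonce="stale">console.log("cached")</script>
  <script src="/assets/app.js"></script>
HTML

# Opening tags only. Assumes no ">" inside attribute values (fine for an audit).
TAG = /<([a-z][\w:-]*)\b([^>]*)>/i

# Value of attribute +name+ inside a tag's raw attribute string, or nil.
def attr_value(attrs, name)
  m = attrs.match(/(?:\A|\s)#{Regexp.escape(name)}\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i)
  m && (m[1] || m[2] || m[3])
end

# Returns [line, tag, directive, reason] for markup a nonce-based CSP would block.
def csp_findings(html, expected_nonce: nil)
  findings = []
  html.scan(TAG) do |tag, attrs|
    tag = tag.downcase
    line = html[0, Regexp.last_match.begin(0)].count("\n") + 1
    # A nonce cannot authorize a style="" attribute; the attribute has to go.
    if attr_value(attrs, "style")
      findings << [line, tag, "style-src-attr", "inline style attribute"]
    end
    next unless %w[style script].include?(tag)
    next if tag == "script" && attr_value(attrs, "src") # external, not inline
    nonce = attr_value(attrs, "nonce").to_s
    directive = tag == "style" ? "style-src-elem" : "script-src-elem"
    if nonce.empty?
      findings << [line, tag, directive, "missing nonce"]
    elsif expected_nonce && nonce != expected_nonce
      findings << [line, tag, directive, "nonce does not match header"]
    end
  end
  findings
end

csp_findings(SAMPLE_HTML, expected_nonce: "r4nd0m").each { |f| puts f.join("  ") }
```

Passing the nonce parsed from the `Content-Security-Policy` response header as `expected_nonce` also catches cached fragments that carry a nonce from an earlier response.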