Add signals strategy configuration for customers with restrictive CSPs

[silesky]

• Raises the max signal buffer to 100.
• Add new setting:

const plugin = new SignalsPlugin({ sandboxStrategy: 'global' })

Background

This fixes CSP errors: unsafe-inline and unsafe-eval without requiring customers to add these to their CSP directive. These occur because, ironically, the default safe strategy of injecting js as a string into an iframe-web-worker and evaluating is not allowed because it's dynamic, so this setting essentially removes the sandbox.

The iframe sandbox is mainly needed for "vanilla" function scenarios where people can introduce infinite loops, etc -- not UI-driven auto-instrumentation scenarios, so global is probably going to become the default.

There is a feature called Shadow Realms that is coming to JS, that one day we will be able to use without upsetting CSPs.

TLDR

The following CSP:

<meta http-equiv="Content-Security-Policy" content="script-src 'self' https://*.segment.com https://*.googletagmanager.com blob:">

Produces the following error:

[changeset-bot]

🦋 Changeset detected

Latest commit: 098319b

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package

Name	Type
@segment/analytics-signals	Minor

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[codecov]

Codecov Report

Attention: Patch coverage is 20.51282% with 93 lines in your changes missing coverage. Please review.

Project coverage is 82.66%. Comparing base (f2c2b76) to head (098319b).
Report is 5 commits behind head on master.

Files with missing lines	Patch %	Lines
...ages/signals/signals/src/core/processor/sandbox.ts	31.66%	41 Missing ⚠️
...kages/signals/signals/src/lib/load-script/index.ts	2.85%	34 Missing ⚠️
...gnals/src/core/middleware/event-processor/index.ts	11.76%	15 Missing ⚠️
...es/signals/signals/src/core/processor/processor.ts	0.00%	3 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #1284      +/-   ##
==========================================
- Coverage   83.84%   82.66%   -1.18%     
==========================================
  Files         223      224       +1     
  Lines        5906     6001      +95     
  Branches     1346     1359      +13     
==========================================
+ Hits         4952     4961       +9     
- Misses        954     1040      +86     

Flag	Coverage Δ
browser	92.16% <ø> (ø)
core	89.86% <ø> (ø)
node	87.93% <ø> (ø)

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[alanjcharles]

lgtm!