@hostep hostep commented Nov 21, 2025

See #119
On recent Magento versions with a strict CSP policy (which is the default) on checkout and in backoffice when creating orders, some inline JavaScript refuses to execute if it doesn't have a nonce assigned to it. This PR introduces that.

Further remarks:

  • There are more phtml files with inline JavaScript, but I only tackled the tracking.phtml and powerstep_script.phtml ones here, as our shop only seems to load these files on the checkout and not the others
  • I've started my branch from tag 4.8.8 and not from master because we needed a patch in our shop, but I see this tracking.phtml file has already changed on the master branch, so this will conflict. I'm not willing to spend more time on this at this point as this is highly complicated
  • It's not clear which versions of Magento you still support, but be aware that the SecureHtmlRenderer class was only introduced in Magento 2.4.0, so in case you guys still support older Magento shops you'll have to first check if that class exists before trying to use it and if the class doesn't exist, just output the script as-is.
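
The fallback described in the last remark, sketched as an added example that is not part of this PR or the module's own code. The helper name `renderInlineScript` and the sample config values are assumptions; `SecureHtmlRenderer::renderTag()` is the Magento 2.4.0+ call.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (name is an assumption, not from the PR).
 * Renders an inline script through Magento's SecureHtmlRenderer when it is
 * available (Magento >= 2.4.0), so Magento's CSP handling can allow the
 * script, and falls back to a plain <script> tag on older versions.
 *
 * @param object|null $secureRenderer the $secureRenderer template variable, or null
 * @param string      $js             script body, already safely encoded
 */
function renderInlineScript($secureRenderer, string $js): string
{
    $class = 'Magento\\Framework\\View\\Helper\\SecureHtmlRenderer';

    // class_exists() guards shops older than 2.4.0, where the class is absent.
    if (class_exists($class) && $secureRenderer instanceof $class) {
        // Fourth argument false: the content is raw JavaScript, not text to escape.
        return $secureRenderer->renderTag('script', ['type' => 'text/javascript'], $js, false);
    }

    // Older Magento: no strict CSP to satisfy, output the script as-is.
    return '<script type="text/javascript">' . $js . '</script>';
}

// Constructed sample data; a real template would take this from its block.
$config = ['key' => 'PLACEHOLDER_PUBLIC_KEY', 'page' => 'checkout'];

// JSON_HEX_* flags keep values from closing the <script> element or breaking
// out of the string, which matters in both branches.
$js = 'window.exampleTrackingConfig = '
    . json_encode($config, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)
    . ';';

// In a .phtml file on Magento < 2.4.0 $secureRenderer is undefined, so the
// call would be: renderInlineScript($secureRenderer ?? null, $js)
echo renderInlineScript($secureRenderer ?? null, $js), PHP_EOL;
```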
