feat: simplify feature detections csp policies

[guybedford]

This fixes CSP support with a number of enhancements:

• Fixing the case where HTMLScriptElement.supports('importmap') === false skips the import map detection as it should have been doing already
• Updating the internal feature detections to use blobs instead of data URIs so that it's only necessary to add blob: to the policy and not both blob: and data: for easier usage
• The document.write path in the iframe feature detection is again modified to attempt a srcdoc approach first before falling back to document.write. This avoids a bunch of warnings and possible issues with using document.write by default. Hopefully this finally gets us to a middle ground on that case.
• A new clear error message is thrown by the Wasm build when eval is not supported, to avoid possible obscure errors.