This ticket will cover the discovery of all the code from core that is not compliant with CSP. It could be regular inline JavaScript script tag, inline event handler, etc.

See the other tickets in JENKINS-60865 to have examples of potential issues.

Acceptance criteria:

• All the non-compliant code location from Jenkins core is listed in the epic JENKINS-71014