Nonce CSP Misalignment

A recurring CSP enforcement shape where Next.js nonce generation and the active CSP header diverge (or wrong CSP sources like unsafe-eval are used), causing inline scripts to be blocked, especially across dev/prod and middleware vs config paths.