
[CDN]: Support Subresource integrity #12590

@LoganB99

Description

Feature Description

Support optional Subresource Integrity (SRI) metadata for swagger-ui-dist CDN bundles

Provide published integrity= and crossorigin= attributes for official CDN‑hosted Swagger UI assets (e.g. swagger-ui-bundle.js, swagger-ui.css) to enable runtime integrity validation in browsers.

Problem it solves:

  • Scanners currently flag missing integrity attributes as a security weakness.
  • Without SRI, there’s no protection against CDN supply‑chain tampering.
  • Security teams require measurable mitigation—even for client‑side docs.
  • Resolves Security Weakness CWE-693, OWASP A1 Broken Access Control

Use Case

  • Security tooling flags missing SRI on Swagger UI assets delivered via jsDelivr
  • This causes false‑positive vulnerability findings across nearly all Swagger UI deployments using CDN.
  • Teams want to satisfy compliance requirements with minimal overhead.
  • Public or internal docs could benefit from SRI for trust and auditability.

Suggested Solution

  • Automatically generate SRI hashes (e.g. sha384‑...) for each release and surface them in package metadata or CDN meta pages.
  • Provide example HTML snippets with <script>/<link> including integrity and crossorigin="anonymous".
  • Offer versioned integrity manifest files (e.g., .integrity.json) to support pinning across releases.
  • Add crossorigin="anonymous" hints to prevent integrity validation issues in browsers

Alternatives Considered

  • Self‑hosting Swagger UI assets and generating hashes manually — works, but is brittle and maintenance-heavy, and risks not getting updates via FastAPI
  • Restricting or disabling docs in production (e.g., with auth or IP filtering) — defeats the purpose of users reading documentation

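The following is an added example of what the "Suggested Solution" above would look like in practice; it is not code from FastAPI or from swagger-ui-dist. It computes the `sha384-...` integrity value for each asset, writes the proposed versioned `.integrity.json` manifest, renders the `<link>`/`<script>` snippet with `integrity` and `crossorigin="anonymous"`, and re-checks downloaded bytes against a manifest entry the way a browser does. The asset bytes, the release version string and the CDN base URL are constructed stand-ins, not real release artifacts.

```python
"""Generate and check Subresource Integrity (SRI) metadata for static assets.

Added example, not code from FastAPI or swagger-ui-dist. The asset bytes,
the version string and CDN_BASE are constructed stand-ins; the manifest
layout (.integrity.json) follows the proposal in the issue, not any
published format.
"""
import base64
import hashlib
import json

CDN_BASE = "https://cdn.jsdelivr.net/npm/swagger-ui-dist@5.17.14"  # assumed URL
RELEASE_VERSION = "5.17.14"  # assumed version string for the manifest

# Constructed sample assets standing in for the real release files.
SAMPLE_ASSETS = {
    "swagger-ui-bundle.js": (
        b"/* swagger-ui-bundle.js (constructed sample) */\n"
        b"window.SwaggerUIBundle = function () {};\n"
    ),
    "swagger-ui.css": (
        b"/* swagger-ui.css (constructed sample) */\n"
        b".swagger-ui { color: #000; }\n"
    ),
}


def sri_hash(data: bytes, algorithm: str = "sha384") -> str:
    """Return an SRI integrity value of the form "<alg>-<base64 digest>".

    Browsers accept sha256, sha384 and sha512. The digest covers the exact
    bytes served, so a minifier upgrade or injected code at the CDN yields a
    different value and the browser refuses to execute the resource.
    """
    if algorithm not in ("sha256", "sha384", "sha512"):
        raise ValueError(f"unsupported SRI algorithm: {algorithm}")
    digest = hashlib.new(algorithm, data).digest()
    return f"{algorithm}-{base64.b64encode(digest).decode('ascii')}"


def build_manifest(assets: dict, version: str, algorithm: str = "sha384") -> dict:
    """Build the proposed versioned integrity manifest (.integrity.json)."""
    return {
        "version": version,
        "algorithm": algorithm,
        "files": {name: sri_hash(data, algorithm) for name, data in assets.items()},
    }


def render_tags(manifest: dict, base_url: str) -> str:
    """Render <link>/<script> tags carrying integrity and crossorigin.

    crossorigin="anonymous" matters for cross-origin assets: without it the
    browser fetches in no-cors mode, receives an opaque response it cannot
    hash, and blocks the load even when the file is untouched.
    """
    tags = []
    for name, integrity in manifest["files"].items():
        url = f"{base_url}/{name}"
        if name.endswith(".css"):
            tags.append(
                f'<link rel="stylesheet" href="{url}" '
                f'integrity="{integrity}" crossorigin="anonymous">'
            )
        else:
            tags.append(
                f'<script src="{url}" integrity="{integrity}" '
                f'crossorigin="anonymous"></script>'
            )
    return "\n".join(tags)


def verify_asset(data: bytes, expected: str) -> bool:
    """Re-check downloaded bytes against a manifest entry (the browser's check).

    Useful in CI to confirm that what the CDN serves still matches the
    manifest published for that release.
    """
    algorithm, _, _ = expected.partition("-")
    return sri_hash(data, algorithm) == expected


if __name__ == "__main__":
    manifest = build_manifest(SAMPLE_ASSETS, RELEASE_VERSION)
    with open("swagger-ui-dist.integrity.json", "w", encoding="utf-8") as fh:
        json.dump(manifest, fh, indent=2)
    print(render_tags(manifest, CDN_BASE))
```

Pinning is the point of the versioned manifest: the `integrity` value only matches the exact release it was generated for, so bumping the CDN URL without regenerating the manifest makes the browser block the asset rather than silently run a different bundle.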
