Documentation with a --hosting-base-path causes CSP errors #1336

@cuberoot

Description

This plugin adds a <script> tag to support alternative base paths for deployed documentation (using --hosting-base-path). That causes issues on servers that implement a content security policy. Those typically restrict the use of plain script tags in source.

The preferred and more standard approach would be to use the <base> tag instead.

Checklist

  • If possible, I've reproduced the issue using the main branch of this package.
  • This issue hasn't been addressed in an existing GitHub issue.

Expected behavior

I would expect the output to use the <base> tag when you use the --hosting-base-path.

Actual behavior

A <script> tag is introduced to inject the base path, which violates any secure content security policy.

Steps to Reproduce

Build the documentation for a package using a flag like --hosting-base-path /documentation and look at the generated index.html. It will contain code like:

        <script>
            var baseUrl = "/documentation/"
        </script>

That would be better replaced by a <base> tag.

Swift-DocC Plugin Version Information

Swift-DocC plugin version: 1.4.3
Swift Compiler version: 6.1.0.
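
An added example (not part of the original issue or of Swift-DocC): a Python check that lists the inline scripts in a generated page that a given Content-Security-Policy would block, along with the hash source each one would need. The sample pages, policy strings and function names are constructed for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser

# Constructed samples: the inline script quoted in the issue, and a <base> variant.
PAGE_WITH_SCRIPT = '<html><head><script>\n    var baseUrl = "/documentation/"\n</script></head></html>'
PAGE_WITH_BASE = '<html><head><base href="/documentation/"></head></html>'

class InlineScripts(HTMLParser):
    """Collects (attributes, body) for every <script> element that has no src."""
    def __init__(self):
        super().__init__()
        self.found, self._attrs, self._body = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "script" and "src" not in dict(attrs):
            self._attrs, self._body = dict(attrs), []
    def handle_data(self, data):
        if self._attrs is not None:
            self._body.append(data)
    def handle_endtag(self, tag):
        if tag == "script" and self._attrs is not None:
            self.found.append((self._attrs, "".join(self._body)))
            self._attrs = None

def script_sources(policy):
    """Source list that governs <script> elements, or None if no directive applies."""
    directives = {}
    for tokens in (part.split() for part in policy.split(";")):
        if tokens:
            directives.setdefault(tokens[0].lower(), tokens[1:])  # first duplicate wins
    return next((directives[n] for n in ("script-src-elem", "script-src", "default-src") if n in directives), None)

def blocked_inline_scripts(html, policy):
    """Return (body, sha256_source) for each inline script the policy would block."""
    sources = script_sources(policy)
    if sources is None:
        return []
    parser = InlineScripts()
    parser.feed(html)
    lowered = [s.lower() for s in sources]
    # A nonce or hash source makes browsers ignore 'unsafe-inline' (CSP Level 2+).
    strict = any(s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in lowered)
    blocked = []
    for attrs, body in parser.found:
        hash_source = "'sha256-%s'" % base64.b64encode(hashlib.sha256(body.encode("utf-8")).digest()).decode()
        nonce_ok = bool(attrs.get("nonce")) and "'nonce-" + attrs["nonce"] + "'" in sources
        if not (hash_source in sources or nonce_ok or ("'unsafe-inline'" in lowered and not strict)):
            blocked.append((body.strip(), hash_source))  # only sha256 hash sources are checked
    return blocked
```

The hash source covers the script body byte for byte, so an allowlist entry computed for one base path stops matching when the path value changes; the `<base>` variant contains no script for the policy to evaluate.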

Labels: bug (Something isn't working)