Django-csp

Latest version: v3.8

Page 1 of 4

4.0b7
=====
- Removed the ``CSPMiddlewareAlwaysGenerateNonce`` middleware, which forced nonce headers even when
the nonce was not used in content, encouraging better security practices ([274](https://github.com/mozilla/django-csp/pull/274))

4.0b6
=====
- Fix ``CSPMiddlewareAlwaysGenerateNonce`` to always generate the nonce.
([272](https://github.com/mozilla/django-csp/pull/272))

4.0b5
=====
BACKWARDS INCOMPATIBLE change:

- `request.csp_nonce` is now falsy (`bool(request.csp_nonce)` returns `False`) until it is read as a
string (for example, used in a template, or via `str(request.csp_nonce)`). Previously,
it always tested as `True`, and testing it generated the nonce.
([270](https://github.com/mozilla/django-csp/pull/270))

Other changes:

- Upgrade ReadTheDocs environment ([262](https://github.com/mozilla/django-csp/pull/262))
- Allow reading the nonce after response if it was included in the header. Add
``CSPMiddlewareAlwaysGenerateNonce`` to always generate a nonce.
([269](https://github.com/mozilla/django-csp/pull/262))

4.0b4
=====
- Fix missing packaging dependency ([266](https://github.com/mozilla/django-csp/pull/266))

4.0b3
=====
- Add Python 3.13, drop EOL Python 3.8 ([245](https://github.com/mozilla/django-csp/pull/245))
- docs: Fix trusted_types links ([250](https://github.com/mozilla/django-csp/pull/250))
- Add `EXCLUDE_URL_PREFIXES` check ([252](https://github.com/mozilla/django-csp/pull/252))
- Support CSP configuration as sets ([251](https://github.com/mozilla/django-csp/pull/251))
- docs: Note that reporting percentage needs rate limiting middleware ([256](https://github.com/mozilla/django-csp/pull/256))
- Document constant NONE vs Python's None ([255](https://github.com/mozilla/django-csp/pull/255))
- Raise error when nonce accessed after response ([258](https://github.com/mozilla/django-csp/pull/258))
- Test on Django 5.2 ([261](https://github.com/mozilla/django-csp/pull/261))

4.0b2
=====
- Add type hints. ([228](https://github.com/mozilla/django-csp/pull/228))
- Expand ruff configuration and move into pyproject.toml ([234](https://github.com/mozilla/django-csp/pull/234))
- Documentation fixes by jamesbeith and jcari-dev
- Simplify middleware logic ([226](https://github.com/mozilla/django-csp/pull/226))
- Report percentage of 100% should always send CSP report ([236](https://github.com/mozilla/django-csp/pull/236))
- Changes to make `CSPMiddleware` easier to subclass ([237](https://github.com/mozilla/django-csp/pull/237))
- Change `REPORT_PERCENTAGE` to allow floats (e.g. for values < 1%) ([242](https://github.com/mozilla/django-csp/pull/242))
- Add Django 5.1 support ([243](https://github.com/mozilla/django-csp/pull/243))
