fix(svg): fix assigning style attribute does not work when CSP is enforced

[alxnddr]

Fixes apache/echarts#16610

Overview

This pull request addresses a specific limitation concerning Content Security Policy (CSP). When CSP is enabled, direct assignments to an element's style property using a string are disallowed. However it is possible to use element.style.cssText = ... instead.

Reproduction

Create and open an HTML file with the following content:

<!DOCTYPE html>
<html>
  <head>
    <meta
      http-equiv="Content-Security-Policy"
      content="script-src 'nonce-my-nonce'; style-src 'nonce-my-nonce'"
    />
    <style nonce="my-nonce">
      #main {
        width: 100vw;
        height: 100vh;
      }
    </style>
  </head>
  <body>
    <div id="main"></div>
    <script src="https://cdnjs.cloudflare.com/ajax/libs/zrender/5.4.4/zrender.min.js" nonce="my-nonce"></script>
    <script nonce="my-nonce">
      const zr = zrender.init(document.getElementById("main"), {
        renderer: "svg",
      });

      var text = new zrender.Text({
        style: {
          text: "this text should be 64px and bold",
          fill: "red",
          font: "bold 64px sans-serif",
          textAlign: "center",
        },
        x: 100,
        y: 100,
      });

      zr.add(text);
    </script>
  </body>
</html>

In the console you should see the following error:

[luizarakaki]

@Ovilia @pissang
Can you take a look on this PR? Happy to iterate on it if necessary.