Builds on @hyperNURb's #1193 (preserves all original commits/authorship) and addresses the items blocking that PR.

What this PR adds on top of #1193

1. Merge with master — resolves the two conflicts (packages/dockview-core/src/dockview/options.ts imports + __generated__/dockview-core-exports.txt). Brings in the unrelated ReactComponentBridge test-flake fix (ce02eea24) so CI's test job stops failing.
2. fix(dockview-core): avoid duplicating rules from external stylesheets — addStyles previously appended a <link> for href-bearing sheets and fell through to inject inline <style> elements for the same sheet, which both duplicates rules (same-origin sheets) and triggers the security-warning path (cross-origin sheets). Flagged by the Copilot review on feat: support strict CSP #1193. Now we continue past the inline-injection block once the <link> has been appended, and the existing test is tightened to assert no <style> is produced for an href sheet.
3. Format — runs prettier on dom.ts and dom.spec.ts so format:check passes.
4. test(dockview-core): cover CSP nonce wiring —
   • New popoutWindow.spec.ts (3 tests) drives PopoutWindow.open() with a mocked window.open and verifies the nonce option flows through addStyles into the <style> elements in the popout document, for both string and (targetDocument) => string forms.
   • New options.spec.ts asserts 'nonce' ∈ PROPERTY_KEYS_DOCKVIEW, which is the contract that lets the React and Vue wrappers auto-forward the option without explicit prop wiring (validates the description's claim that React/Vue are covered).

Test plan

• yarn nx run dockview-core:format:check — clean
• yarn nx run dockview-core:lint — 0 errors
• yarn nx run dockview-core:test — 867/867 pass (+14 from new tests)
• Verified the addStyles test would have caught the duplicate-rules bug (checked by reverting the continue locally — <style> length goes from 0 → 1)

🤖 Generated with Claude Code