- Issue created by @undersound3
Sorry about this subject perhaps being too broad, but I am struggling to find out how and why to implement nonce support for this module.
My current understanding is that currently this module needs to have unsafe-inline set if the https://www.drupal.org/project/csp module is enabled.
If we want to disable this as recommended by https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Securi... I suppose we need to:
1. Add a nonce to the CSP policy e.g.
Content-Security-Policy: script-src 'nonce-2726c7f26c'
2. Add this nonce to the inline script tag generated by this module. e.g.
<script nonce="2726c7f26c">window.dataLayer = window.dataLayer || []; window.dataLayer.push({"drupalLanguage"....</script>
My understanding for now is that:
1. Adding a nonce to the CSP policy can be done by creating a subscriber and acting upon the policy alter event as stated here https://www.drupal.org/docs/extending-drupal/contributed-modules/contrib...
2. This one I am not sure how to implement. I do read we need to take into account caching and use placeholders but am not sure which hook to use. See https://www.drupal.org/docs/extending-drupal/contributed-modules/contrib...
Is this the correct way to implement this, or is there perhaps another way to make the use of unsafe-inline unnecessary when using the csp module in combination with this module?
Active
2.1
Code
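The two steps in the issue, with the caching concern made concrete: an added example in plain PHP that is not part of the issue, this module, or the csp module, and uses no Drupal APIs. The placeholder token and the function names `new_nonce()` and `finalize_response()` are hypothetical; the cached markup is a constructed sample.

```php
<?php
// Added example: plain PHP only. NONCE_PLACEHOLDER, new_nonce() and
// finalize_response() are hypothetical names, not Drupal or csp module APIs.

declare(strict_types=1);

// Token stored in cached markup in place of a real nonce (constructed value).
const NONCE_PLACEHOLDER = '__CSP_NONCE_PLACEHOLDER__';

/** Returns a fresh, unpredictable nonce: 128 random bits, base64 encoded. */
function new_nonce(): string {
  return base64_encode(random_bytes(16));
}

/**
 * Swaps the placeholder for a per-response nonce and builds the matching header.
 *
 * The cached markup never contains a real nonce, so serving it from cache
 * cannot replay an old nonce value to a later visitor.
 *
 * @return array{0: string, 1: string} [header line, final HTML]
 */
function finalize_response(string $cached_html): array {
  $nonce = new_nonce();
  $html = str_replace(NONCE_PLACEHOLDER, htmlspecialchars($nonce, ENT_QUOTES), $cached_html);
  $header = "Content-Security-Policy: script-src 'nonce-$nonce'";
  return [$header, $html];
}

// Constructed sample: the inline script as it would sit in a cache.
$cached = '<script nonce="' . NONCE_PLACEHOLDER . '">'
  . 'window.dataLayer = window.dataLayer || [];</script>';

// Two responses built from the same cached markup.
[$header_a, $html_a] = finalize_response($cached);
[$header_b, $html_b] = finalize_response($cached);

// Within one response the header nonce and the tag nonce must be identical.
preg_match("/'nonce-([^']+)'/", $header_a, $from_header);
preg_match('/nonce="([^"]+)"/', $html_a, $from_tag);

echo $header_a, "\n", $html_a, "\n";
echo 'header and tag agree: ', var_export($from_header[1] === $from_tag[1], true), "\n";
echo 'nonce differs per response: ', var_export($header_a !== $header_b, true), "\n";
```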