always fallback legacy build when CSP

Describe the bug

We use this line for detecting browser support. https://github.com/vitejs/vite/blob/08a1ec798184a7c8522b63d3795408568162c0e4/packages/plugin-legacy/index.js?_pjax=%23js-repo-pjax-container%2C div[itemtype%3D"http%3A%2F%2Fschema.org%2FSoftwareSourceCode"] main%2C [data-pjax-container]#L21

but new Function code doesn’t allow when CSP defaults. So the browser will always fallback. CSP hash can’t ignore unsafe-eval.

Reproduction

HTTP server header

Content-Security-Policy: default-src 'self'

And Using @vite/plugin-legacy

Project: https://github.com/yoyo930021/vite-legacy-csp-bug

System Info

System:
    OS: macOS 11.6
    CPU: (8) x64 Intel(R) Core(TM) i5-1038NG7 CPU @ 2.00GHz
    Memory: 2.49 GB / 16.00 GB
    Shell: 5.8 - /bin/zsh
  Binaries:
    Node: 14.18.1 - ~/.volta/tools/image/node/14.18.1/bin/node
    Yarn: 2.4.2 - ~/.volta/tools/image/yarn/1.22.10/bin/yarn
    npm: 7.22.0 - ~/.volta/tools/image/npm/7.22.0/bin/npm
  Browsers:
    Edge: 96.0.1054.34
    Firefox Developer Edition: 95.0
    Firefox Nightly: 96.0a1
    Safari: 15.0

Used Package Manager

yarn

Logs

No response

Validations

• Follow our Code of Conduct
• Read the Contributing Guidelines.
• Read the docs.
• Check that there isn’t already an issue that reports the same bug to avoid creating a duplicate.
• Make sure this is a Vite issue and not a framework-specific issue. For example, if it’s a Vue SFC related bug, it should likely be reported to https://github.com/vuejs/vue-next instead.
• Check that this is a concrete bug. For Q&A open a GitHub Discussion or join our Discord Chat Server.
• The provided reproduction is a minimal reproducible example of the bug.