Support SRI - Subresource Integrity

[e2jk]

The URLs to Bootstrap, jQuery and Popper should contain (ideally by default) the SRI hashes.
From MDN:

Subresource Integrity (SRI) is a security feature that enables browsers to verify that resources they fetch (for example, from a CDN) are delivered without unexpected manipulation. It works by allowing you to provide a cryptographic hash that a fetched resource must match.

On Bootstrap's download page the SRI tags are included by default for all 3 libraries:

Example of how another Flask plugin addressed this :https://github.com/miguelgrinberg/Flask-Moment#subresource-integritysri
(in implementing this, it would probably be wise to include an option to deactivate SRI links)

Handy tool to calculate SRI hashes (if they are not listed anymore, for example if still pointing to an old version): https://www.srihash.org/