inject metamask inpage provider so unsafe-inline isn't required in the CSP on Firefox

[mrnerdhair]

In hdwallet-metamask, use @metamask/providers (or maybe even the older metamask-inpage-provider -- see shapeshift/web#443 for some potentially-adaptable code) to try to instantiate a metamask provider for use in case detectEthereumProvider() can't find window.ethereum. This is relevant because Firefox applies page CSPs to code injected by extensions, which will block thing metamask's injected provider if we don't include the unsafe-inline options.

This may be better served as a change PRed to @metamask/detect-provider to resolve MetaMask/detect-provider#31.

(see also shapeshift/web#541)

[mrnerdhair]

Needs #417.

[sudarno08]

Yes