I propose adding `crossorigin=anonymous` for signed stylesheets to allow for CORS policy.
Practical example - I keep my web page in S3 bucket and redirect both naked domain and www domain into the same bucket (this is rare scenario - most people duplicate buckets).
So I had to enable CORS like in [this article](https://medium.com/@Keithweaver_/only-allowing-access-to-your-s3-bucket-via-your-website-5ca5c8546152) However CORS cannot be used without crossorigin=anonymous set. (explained [here](https://stackoverflow.com/questions/32039568/what-are-the-integrity-and-crossorigin-attributes)
Also added pl.toml for Polish language.
