Detect when document.currentScript is shadowed

This does not fix any known security bug, just making sure if
someone adds <img name=currentScript> to the HTML then
we'll throw a helpful error instead of silently doing the wrong
thing.

src/packager/packager.js

@@ -1034,6 +1034,7 @@ cd "$(dirname "$0")"
       let projectDecodeIndex = 0;
       const decodeChunk = (size) => {
         try {
+          if (document.currentScript.tagName.toUpperCase() !== 'SCRIPT') throw new Error('document.currentScript is not a script');
           base85decode(document.currentScript.getAttribute("data"), projectDecodeBuffer, projectDecodeIndex);
           document.currentScript.remove();
           projectDecodeIndex += size;