Ensure that the pdf.sandbox.js scriptElement is also removed from the DOM (PR 12695 follow-up)

I completely missed this previously, but we obviously should remove the scriptElement as well to *really* clean-up everything properly.

Given that there's multiple existing usages of `loadScript` in the code-base, the safest/quickest solution seemed to be to have call-sites opt-in to remove the scriptElement using a new parameter.

src/display/display_utils.js

@@ -530,14 +530,20 @@ function isValidFetchUrl(url, baseUrl) {
 
 /**
  * @param {string} src
+ * @param {boolean} [removeScriptElement]
  * @returns {Promise<void>}
  */
-function loadScript(src) {
+function loadScript(src, removeScriptElement = false) {
   return new Promise((resolve, reject) => {
     const script = document.createElement("script");
     script.src = src;
 
-    script.onload = resolve;
+    script.onload = function (evt) {
+      if (removeScriptElement) {
+        script.remove();
+      }
+      resolve(evt);
+    };
     script.onerror = function () {
       reject(new Error(`Cannot load script at: ${script.src}`));
     };