(Prompted by discussion at Blog Post: Toolforge provides proxied mirrors of cdnjs and now fontcdn, for your usage and user-privacy.)
Upstream CDNJS supports (e.g.) copying-and-pasting of full <link /> and <script /> elements for the hosted libraries, including with integrity attributes.
The interface to the Toolforge CDNJS service should also provide these snippets.
The hashes can be generated with e.g.:
cat bootstrap.min.css | openssl dgst -sha384 -binary | openssl base64 -A
And displayed like (linebreaks added here for easier reading):
<link rel="stylesheet" href="https://tools-static.wmflabs.org/cdnjs/ajax/libs/twitter-bootstrap/3.3.6/css/bootstrap.min.css" integrity="sha384-1q8mTJOASx8j1Au+a5WDVnPi2lkFfwwEAa8hDDdjZlpLegxhjVME1fgjWPGmkzs7" crossorigin="anonymous" />