As of Backdrop 1.19.0, the $options parameter passed to the backdrop_add_css() function can now accept a key of 'attributes'.

These attributes will be added to the resulting <link> tag.

Before:

$options = array(
  'type' => 'external',
  'every_page' => TRUE,
);
backdrop_add_css('https://foo.com/bar.css', $options);

or

function fork_awesome_css_alter(&$css) {
  $css[$css_external] = array(
    'every_page' => TRUE,
    'type' => 'file',
    'media' => 'all',
    'preprocess' => FALSE,
    'data' => 'https://foo.com/bar.css',
    'browsers' => array(),
  );
}

Results in <link rel="stylesheet" href="https://foo.com/bar.css" />.

After:

// From Font Awesome
$options = array(
  'type' => 'external',
  'every_page' => TRUE,
  'attributes' => array(
    'integrity' => 'foo',
    'crossorigin' => 'anonymous',
  ),
);
backdrop_add_css('https://foo.com/bar.css', $options);

or

// From Fork Awesome
function fork_awesome_css_alter(&$css) {
  $css[$css_external] = array(
    'every_page' => TRUE,
    'type' => 'file',
    'media' => 'all',
    'preprocess' => FALSE,
    'data' => 'https://foo.com/bar.css',
    'browsers' => array(),
    'attributes' => array(
      'integrity' => 'sha256-gsmEoJAws/Kd3CjuOQzLie5Q3yshhvmo7YNtBG7aaEY=',
      'crossorigin' => 'anonymous',
    ),
  );
}

Results in <link rel="stylesheet" href="https://foo.com/bar.css" integrity="sha256-gsmEoJAws/Kd3CjuOQzLie5Q3yshhvmo7YNtBG7aaEY=" crossorigin="anonymous"/>.

Introduced in branch: 
1.19.x
Introduced in version: 
1.19.0
Impacts: 
Module developers
Theme developers
Related Github Issues: 
https://github.com/backdrop/backdrop-issues/issues/4981