I’m not a lawyer nor an expert in Apple’s compliance rules, so I won’t try to answer that part of your question.
This thread on Stackoverflow has a number of suggestions for setting ITSAppUsesNonExemptEncryption.
The easiest solution is probably to add this to your config.xml:
<plugin name="cordova-ios-plugin-no-export-compliance" />