media: Require SecureContext for EME APIs

In this CL requestMediaKeySystemAccess() requires SecureContext. On
non-SecureContext, this API will not be visible.

Some notes for future reference:

1. file:// is always treated as SecureContext.
2. file:// is not a unique origin. The origin string is "file://"
3. LoadFromData is treated as non-SecureContext. See the updated [1]
   in this CL.
4. LoadFromData is also treated as unique origin. This is what [1]
   used to test without this CL.
5. allowFileAccessFromFileURLs has nothing to do with SecureContext.
   Rather it controls whether you can load other files from file://.
   - So if you run a simple html page on file://, and that file
     doesn't depend on any other file, you don't need
     allowFileAccessFromFileURLs. This is why for [2] we don't
     really need allowFileAccessFromFileURLs.
   - If the html page depends on other js files, without
     allowFileAccessFromFileURLs, those js files will not be loaded.
     This will cause a lot of test failures. That's why in content
     shell, we have allowFileAccessFromFileURLs enabled by default.

[2] android_webview/test/shell/assets/key-system-test.html

TEST=Manually tested and made sure EME APIs are not available on
insecure origins.

Cr-Commit-Position: refs/heads/master@{#449344}
12 files changed