Split `Sec-Metadata` into `Sec-Fetch-*`.

As of [1], we've split the single `Sec-Metadata` header into multiple
headers: `Sec-Fetch-Dest`, `Sec-Fetch-Site`, and `Sec-Fetch-User`. This
patch does that work in Chromium.

The spec change also added `Sec-Fetch-Mode`, but this patch does not.
We'll add that functionality to Chromium in a future CL.

Test changes pulled from clap@'s excellent PR at
https://github.com/web-platform-tests/wpt/pull/14771

The test failures are expected: redirect failures are
https://crbug.com/872285, object/embed failures are
https://crbug.com/860510. XSLT failures are WontFix (some
engines support cross-origin XSLT; Blink does not).

[1]: https://github.com/mikewest/sec-metadata/commit/105103d775141912261dd164b16bd59b22f6d853

Bug: 843478
Change-Id: I7654d5e823ad813682ac3eb244bbc244a322e6ca
Reviewed-on: https://chromium-review.googlesource.com/c/1402448
Commit-Queue: Mike West <mkwst@chromium.org>
Reviewed-by: Camille Lamy <clamy@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#622145}
49 files changed