Reject cross-origin redirects for top-level classic worker scripts

This CL rejects cross-origin redirects in top-level scripts of
classic (dedicated | shared) workers in WorkerClassicScriptLoader,
to ensure that the response and request URLs of
a worker top-level script are same-origin in successful cases.

As most of cross-origin redirects should be already rejected
by loaders, this CL affects only cross-origin-redirected workers
created from an extension origin that has permissions and CSP
settings to access both the origins of the request and response URLs,
which I expect extremely rare.

This CL also adds browser_tests that cover such cases.

Bug: 861965, 861564
Change-Id: I80c27f9df550490384b5066b4b192d6415210b6d
Reviewed-on: https://chromium-review.googlesource.com/1135916
Reviewed-by: Devlin <rdevlin.cronin@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Reviewed-by: Kouhei Ueno <kouhei@chromium.org>
Reviewed-by: Hiroki Nakagawa <nhiroki@chromium.org>
Commit-Queue: Hiroshige Hayashizaki <hiroshige@chromium.org>
Cr-Commit-Position: refs/heads/master@{#578376}
12 files changed