Implement the `require-sri-for` CSP directive

As defined in [1], this CSP directive allows developers to block resource
requests that do not contain integrity metadata. This includes contexts
like external scripts, workers, shared workers, service workers, external
stylesheets, preload requests, and requests originated by CSS @import.
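
An audit sketch for sites preparing to turn the directive on, added here as an example and not part of this commit or the browser's implementation: it lists the markup-initiated script and style fetches on a page that carry no integrity metadata. It assumes the directive's `script` and `style` values, treats "external" as anything fetched via `src`/`href`, checks only that an `integrity` attribute is present, and cannot see workers or CSS @import, which do not appear in HTML markup.

```python
from html.parser import HTMLParser

# Constructed sample markup; hosts and integrity values are placeholders.
SAMPLE = """\
<link rel="stylesheet" href="https://cdn.example/site.css">
<link rel="stylesheet" href="/a.css" integrity="sha384-PLACEHOLDER">
<link rel="preload" as="script" href="https://cdn.example/app.js">
<script src="https://cdn.example/app.js" integrity="sha384-PLACEHOLDER"></script>
<script src="https://cdn.example/lib.js"></script>
<script>inline();</script>
<img src="/logo.png">
"""


class SRIAudit(HTMLParser):
    """Collect (kind, url) for fetches that carry no integrity metadata."""

    def __init__(self, required):
        super().__init__()
        self.required = set(required)
        self.violations = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "script" and a.get("src"):
            kind, url = "script", a["src"]
        elif tag == "link" and a.get("href"):
            rels = a.get("rel", "").lower().split()
            as_ = a.get("as", "").lower()
            if "stylesheet" in rels:
                kind = "style"
            elif "preload" in rels and as_ in ("script", "style"):
                kind = as_
            else:
                return
            url = a["href"]
        else:
            return  # inline scripts and other elements are not covered here
        if kind in self.required and not a.get("integrity", "").strip():
            self.violations.append((kind, url))


def audit(html, required=("script", "style")):
    parser = SRIAudit(required)
    parser.feed(html)
    parser.close()
    return parser.violations


if __name__ == "__main__":
    for kind, url in audit(SAMPLE):
        print(f"would be blocked ({kind}): {url}")
```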


