OOR-CORS: Support cross-origin redirect on webRequest::onBeforeRequest

Chrome Extensions can generate internal redirects in
webRequest::onBeforeRequest event handler.
See Life cycle of requests below.

Without OOR-CORS, WebRequestProxyingURLLoaderFactory generates virtual
response for Blink, and Blink-CORS handles the redirects. Simply said,
it rewrites the Origin header to be 'null' for cross-origin redirects.

Detailed steps are:
 1. A certain request is made by Blink.
 2. webRequest::onBeforeRequest intercepts the request, and generates
    an internal redirect response with status 307.
 3. Blink receives the generated response and Blink-CORS handles
    cross-origin redirects if it is needed, e.g. using Origin: null

But, if OOR-CORS is enabled, Blink does nothing. Detailed steps are:
 1. and 2. is ditto
 3. Blink receives the generated response and Blink-CORS is disabled
    and does nothing. Just new request for the redirect is made.
 4. The request is handled in NetworkService, with OOR-CORS. It sets
    Origin header for such cross-origin request, but the value is
    based on the request initiator's origin.

So the proxy needs to craft its ResourceRequest so that the OOR-CORS
can set a proper Origin header, null for such internal redirect cases.

My approach in this patch set is:
 1. Set null origin to the ResourceRequest.request_initiator to pretend
    the retained origin flag is set.
    See https://fetch.spec.whatwg.org/#concept-request-tainted-origin
 2. But WebRequestInfo is initialized with copied ResourceRequest that
    has the original request_initiator.

2. is needed for webRequest events. See API document below.
That says the initiator does not change through redirects.

Following tests in ExtensionWebRequestApiTest.WebRequestBlocking failed
if OOR-CORS is enabled without this patch.
- crossOriginAnonymousRedirect()
- crossOriginCredentialedRedirect()
- syncXhrsFromOurselfAreInvisible()

And this patch fixes them to pass.

Bug: 909633
Change-Id: I755db213256605c72015ab21c845e649bc35e319
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1503273
Auto-Submit: Takashi Toyoshima <toyoshim@chromium.org>
Reviewed-by: John Abd-El-Malek <jam@chromium.org>
Reviewed-by: Karan Bhatia <karandeepb@chromium.org>
Reviewed-by: Yutaka Hirano <yhirano@chromium.org>
Commit-Queue: Karan Bhatia <karandeepb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#638724}
2 files changed