Upstream Blink's 'securitypolicyviolation' tests.

Starting on the long slog to get our CSP layout tests more completely
upstreamed. This patch leaves most upstream CSP tests disabled, as I
still need to go through them in detail, but carves out the
'securitypolicyviolation' directory, moves our local tests over, and
ports them to `testharness.js`-style.

BUG=695486

Review-Url: https://codereview.chromium.org/2711913003
Cr-Commit-Position: refs/heads/master@{#452780}
24 files changed