Authenticate Supervision Onboarding pages.

This change adds a webview to the supervision onboarding screen and
adds code that authenticate fetches made by this webview.

The whole flow for displaying a Supervision Onboarding page is:
- Fetch access token scoped to supervision servers.
- Add listeners to webview requests to we can add the access token and
  inspect their HTTP responses. These listeners only fire for requests
  to the URLs that we want.
- Start the request and wait for the webview to finish loading.
- Return all occurrences of the supervision custom HTTP header found in
  the responses.
- Onboarding controller now decides if it should exit the flow or
  continue showing the page based on the custom header values.

Some notes on implementation choices:
- We want to keep most of the logic that controls the flow in the
  Onboarding controller. We plan on reusing this controller to power
  a dedicated WebUI that will provide the same flow outside of the
- For now, all the server configuration is being done by switches.
  This is necessary since the Supervision server is still being built,
  so the switches make development easier with local dev servers.
  When the server is done these switches will be deleted and become
- I had to divide the login:closure_compile target because I needed to
  add the chrome_extensions.js externs file. There's a full explanation
  why that was a problem in the BUILD file.
- Tests are incoming! They are actually ready but I wanted to keep this
  change simple. See the related change if you're curious.

Bug: 958995
Change-Id: Iedb39bc7fb76fb8fdc516171e1e6d094c248561a
Reviewed-by: Oliver Chang <>
Reviewed-by: Michael Giuffrida <>
Commit-Queue: Lucas TenĂ³rio <>
Cr-Commit-Position: refs/heads/master@{#661057}
13 files changed