Implement trusted types url setter (#36596)

We now check the sink of script.src for trusted types. This is the first
attribute that we check, other sinks will be implemented in follow-up
changes.

The algorithms currently hardcode various parts. That's because I need
to refactor a couple of algorithms already present in TrustedTypePolicy.
They use callbacks at the moment, which made sense for their initial
use. However, for these new algorithms they don't work. Therefore, I
will align them with the specification by taking in an enum. However,
since that's a bigger refactoring, I left that out of this PR (which is
already quite big).

The other trusted types support (createScript and createHTML) will also
be implemented separately.

Part of #36258

---------

Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Signed-off-by: Tim van der Lippe <TimvdLippe@users.noreply.github.com>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>

components/script_bindings/codegen/Bindings.conf

@@ -416,7 +416,7 @@ DOMInterfaces = {
 },
 
 'HTMLScriptElement': {
-    'canGc': ['SetAsync', 'SetCrossOrigin', 'SetText']
+    'canGc': ['SetAsync', 'SetCrossOrigin', 'SetSrc', 'SetText']
 },
 
 'HTMLSelectElement': {

components/script_bindings/webidls/HTMLScriptElement.webidl

@@ -7,8 +7,8 @@
 interface HTMLScriptElement : HTMLElement {
   [HTMLConstructor] constructor();
 
-  [CEReactions]
-           attribute USVString src;
+  [CEReactions, SetterThrows]
+           attribute (TrustedScriptURL or USVString) src;
   [CEReactions]
            attribute DOMString type;
   [CEReactions]