Check all ancestor navigable trustworthiness for mixed content (#36157)

Propagate through documents a flag that represents if any of the
ancestor navigables has a potentially trustworthy origin.

The "potentially trustworthy origin" concept appears to have gotten
confused in a couple of places and we were instead testing if a URL had
"potentially trustworthy" properties.

The main test for the ancestor navigables is
[mixed-content/nested-iframes](https://github.com/web-platform-tests/wpt/blob/master/mixed-content/nested-iframes.window.js)

---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by
`[X]` when the step is complete, and replace `___` with appropriate
data: -->
- [X] `./mach build -d` does not report any errors
- [X] `./mach test-tidy` does not report any errors
- [X] These changes fix #36108 

<!-- Either: -->
- [X] There are tests for these changes

---------

Signed-off-by: Sebastian C <sebsebmc@gmail.com>

components/script/dom/document.rs

@@ -524,6 +524,8 @@ pub(crate) struct Document {
     /// <https://w3c.github.io/webappsec-upgrade-insecure-requests/#insecure-requests-policy>
     #[no_trace]
     inherited_insecure_requests_policy: Cell<Option<InsecureRequestsPolicy>>,
+    //// <https://w3c.github.io/webappsec-mixed-content/#categorize-settings-object>
+    has_trustworthy_ancestor_origin: Cell<bool>,
     /// <https://w3c.github.io/IntersectionObserver/#document-intersectionobservertaskqueued>
     intersection_observer_task_queued: Cell<bool>,
     /// Active intersection observers that should be processed by this document in
@@ -2479,7 +2481,9 @@ impl Document {
         mut request: RequestBuilder,
         listener: Listener,
     ) {
-        request = request.insecure_requests_policy(self.insecure_requests_policy());
+        request = request
+            .insecure_requests_policy(self.insecure_requests_policy())
+            .has_trustworthy_ancestor_origin(self.has_trustworthy_ancestor_or_current_origin());
         let callback = NetworkListener {
             context: std::sync::Arc::new(Mutex::new(listener)),
             task_source: self
@@ -2498,7 +2502,9 @@ impl Document {
         mut request: RequestBuilder,
         listener: Listener,
     ) {
-        request = request.insecure_requests_policy(self.insecure_requests_policy());
+        request = request
+            .insecure_requests_policy(self.insecure_requests_policy())
+            .has_trustworthy_ancestor_origin(self.has_trustworthy_ancestor_or_current_origin());
         let callback = NetworkListener {
             context: std::sync::Arc::new(Mutex::new(listener)),
             task_source: self
@@ -3735,6 +3741,7 @@ impl Document {
         is_initial_about_blank: bool,
         allow_declarative_shadow_roots: bool,
         inherited_insecure_requests_policy: Option<InsecureRequestsPolicy>,
+        has_trustworthy_ancestor_origin: bool,
     ) -> Document {
         let url = url.unwrap_or_else(|| ServoUrl::parse("about:blank").unwrap());
 
@@ -3895,6 +3902,7 @@ impl Document {
             is_initial_about_blank: Cell::new(is_initial_about_blank),
             allow_declarative_shadow_roots: Cell::new(allow_declarative_shadow_roots),
             inherited_insecure_requests_policy: Cell::new(inherited_insecure_requests_policy),
+            has_trustworthy_ancestor_origin: Cell::new(has_trustworthy_ancestor_origin),
             intersection_observer_task_queued: Cell::new(false),
             intersection_observers: Default::default(),
             active_keyboard_modifiers: Cell::new(Modifiers::empty()),
@@ -4052,6 +4060,7 @@ impl Document {
         is_initial_about_blank: bool,
         allow_declarative_shadow_roots: bool,
         inherited_insecure_requests_policy: Option<InsecureRequestsPolicy>,
+        has_trustworthy_ancestor_origin: bool,
         can_gc: CanGc,
     ) -> DomRoot<Document> {
         Self::new_with_proto(
@@ -4072,6 +4081,7 @@ impl Document {
             is_initial_about_blank,
             allow_declarative_shadow_roots,
             inherited_insecure_requests_policy,
+            has_trustworthy_ancestor_origin,
             can_gc,
         )
     }
@@ -4095,6 +4105,7 @@ impl Document {
         is_initial_about_blank: bool,
         allow_declarative_shadow_roots: bool,
         inherited_insecure_requests_policy: Option<InsecureRequestsPolicy>,
+        has_trustworthy_ancestor_origin: bool,
         can_gc: CanGc,
     ) -> DomRoot<Document> {
         let document = reflect_dom_object_with_proto(
@@ -4115,6 +4126,7 @@ impl Document {
                 is_initial_about_blank,
                 allow_declarative_shadow_roots,
                 inherited_insecure_requests_policy,
+                has_trustworthy_ancestor_origin,
             )),
             window,
             proto,
@@ -4248,6 +4260,7 @@ impl Document {
                     false,
                     self.allow_declarative_shadow_roots(),
                     Some(self.insecure_requests_policy()),
+                    self.has_trustworthy_ancestor_or_current_origin(),
                     can_gc,
                 );
                 new_doc
@@ -4795,6 +4808,15 @@ impl Document {
     pub fn set_allow_declarative_shadow_roots(&self, value: bool) {
         self.allow_declarative_shadow_roots.set(value)
     }
+
+    pub fn has_trustworthy_ancestor_origin(&self) -> bool {
+        self.has_trustworthy_ancestor_origin.get()
+    }
+
+    pub fn has_trustworthy_ancestor_or_current_origin(&self) -> bool {
+        self.has_trustworthy_ancestor_origin.get() ||
+            self.origin().immutable().is_potentially_trustworthy()
+    }
 }
 
 #[allow(non_snake_case)]
@@ -4825,6 +4847,7 @@ impl DocumentMethods<crate::DomTypeHolder> for Document {
             false,
             doc.allow_declarative_shadow_roots(),
             Some(doc.insecure_requests_policy()),
+            doc.has_trustworthy_ancestor_or_current_origin(),
             can_gc,
         ))
     }