Check all ancestor navigable trustworthiness for mixed content (#36157)

Propagate through documents a flag that represents if any of the
ancestor navigables has a potentially trustworthy origin.

The "potentially trustworthy origin" concept appears to have gotten
confused in a couple of places and we were instead testing if a URL had
"potentially trustworthy" properties.

The main test for the ancestor navigables is
[mixed-content/nested-iframes](https://github.com/web-platform-tests/wpt/blob/master/mixed-content/nested-iframes.window.js)

---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by
`[X]` when the step is complete, and replace `___` with appropriate
data: -->
- [X] `./mach build -d` does not report any errors
- [X] `./mach test-tidy` does not report any errors
- [X] These changes fix #36108 

<!-- Either: -->
- [X] There are tests for these changes

---------

Signed-off-by: Sebastian C <sebsebmc@gmail.com>

components/script/dom/servoparser/prefetch.rs

@@ -73,6 +73,7 @@ impl Tokenizer {
             // block the main parser.
             prefetching: Cell::new(false),
             insecure_requests_policy: document.insecure_requests_policy(),
+            has_trustworthy_ancestor_origin: document.has_trustworthy_ancestor_or_current_origin(),
         };
         let options = Default::default();
         let inner = TraceableTokenizer(HtmlTokenizer::new(sink, options));
@@ -105,6 +106,7 @@ struct PrefetchSink {
     prefetching: Cell<bool>,
     #[no_trace]
     insecure_requests_policy: InsecureRequestsPolicy,
+    has_trustworthy_ancestor_origin: bool,
 }
 
 /// The prefetch tokenizer produces trivial results
@@ -146,6 +148,7 @@ impl TokenSink for PrefetchSink {
                             parser_metadata: ParserMetadata::ParserInserted,
                         },
                         self.insecure_requests_policy,
+                        self.has_trustworthy_ancestor_origin,
                     );
                     let _ = self
                         .resource_threads
@@ -164,6 +167,7 @@ impl TokenSink for PrefetchSink {
                         None,
                         self.referrer.clone(),
                         self.insecure_requests_policy,
+                        self.has_trustworthy_ancestor_origin,
                     )
                     .origin(self.origin.clone())
                     .pipeline_id(Some(self.pipeline_id))
@@ -198,6 +202,7 @@ impl TokenSink for PrefetchSink {
                                 None,
                                 self.referrer.clone(),
                                 self.insecure_requests_policy,
+                                self.has_trustworthy_ancestor_origin,
                             )
                             .origin(self.origin.clone())
                             .pipeline_id(Some(self.pipeline_id))