Check all ancestor navigable trustworthiness for mixed content (#36157)

Propagate through documents a flag that represents if any of the
ancestor navigables has a potentially trustworthy origin.

The "potentially trustworthy origin" concept appears to have gotten
confused in a couple of places and we were instead testing if a URL had
"potentially trustworthy" properties.

The main test for the ancestor navigables is
[mixed-content/nested-iframes](https://github.com/web-platform-tests/wpt/blob/master/mixed-content/nested-iframes.window.js)

---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by
`[X]` when the step is complete, and replace `___` with appropriate
data: -->
- [X] `./mach build -d` does not report any errors
- [X] `./mach test-tidy` does not report any errors
- [X] These changes fix #36108 

<!-- Either: -->
- [X] There are tests for these changes

---------

Signed-off-by: Sebastian C <sebsebmc@gmail.com>

components/script/dom/xmlhttprequest.rs

@@ -688,6 +688,7 @@ impl XMLHttpRequestMethods<crate::DomTypeHolder> for XMLHttpRequest {
         .origin(self.global().origin().immutable().clone())
         .referrer_policy(self.referrer_policy)
         .insecure_requests_policy(self.global().insecure_requests_policy())
+        .has_trustworthy_ancestor_origin(self.global().has_trustworthy_ancestor_or_current_origin())
         .pipeline_id(Some(self.global().pipeline_id()));
 
         // step 4 (second half)
@@ -1515,6 +1516,7 @@ impl XMLHttpRequest {
             false,
             false,
             Some(doc.insecure_requests_policy()),
+            doc.has_trustworthy_ancestor_origin(),
             can_gc,
         )
     }