Check all ancestor navigable trustworthiness for mixed content (#36157)

Propagate through documents a flag that represents if any of the
ancestor navigables has a potentially trustworthy origin.

The "potentially trustworthy origin" concept appears to have gotten
confused in a couple of places and we were instead testing if a URL had
"potentially trustworthy" properties.

The main test for the ancestor navigables is
[mixed-content/nested-iframes](https://github.com/web-platform-tests/wpt/blob/master/mixed-content/nested-iframes.window.js)

---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by
`[X]` when the step is complete, and replace `___` with appropriate
data: -->
- [X] `./mach build -d` does not report any errors
- [X] `./mach test-tidy` does not report any errors
- [X] These changes fix #36108 

<!-- Either: -->
- [X] There are tests for these changes

---------

Signed-off-by: Sebastian C <sebsebmc@gmail.com>

tests/wpt/meta/fetch/cross-origin-resource-policy/scheme-restriction.https.window.js.ini

@@ -0,0 +1,3 @@
+[scheme-restriction.https.window.html]
+  [Cross-Origin-Resource-Policy does not block Mixed Content <img>]
+    expected: FAIL

tests/wpt/meta/fetch/private-network-access/mixed-content-fetch.tentative.https.window.js.ini

@@ -133,3 +133,24 @@
 
   [https-treat-as-public to http-private: success.]
     expected: FAIL
+
+  [https-private to http-local: PUT success.]
+    expected: FAIL
+
+  [https-private to http-local: no-cors success.]
+    expected: FAIL
+
+  [https-public to http-local: PUT success.]
+    expected: FAIL
+
+  [https-public to http-local: no-cors success.]
+    expected: FAIL
+
+  [https-public to http-private: PUT success.]
+    expected: FAIL
+
+  [https-public to http-private: no-cors success.]
+    expected: FAIL
+
+  [https-treat-as-public to http-local: success.]
+    expected: FAIL