Add resource header for mime sniffing (#39167)

The concept of a "resource header" is not well specced, since it is
unclear what a "resource" is. That said, it most closely matches a
"response" as part of the navigation params.

With this change, we now delay loading the document until either two
things happen:
1. We reached the end of the file
2. We processed 1445 bytes (as defined by spec)

We initially store bytes in the resource header and then after loading
parse the stored bytes. Any subsequent loading will process as before.

Part of #14024

Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>

components/script/dom/document.rs

@@ -1799,6 +1799,18 @@ impl Document {
         self.policy_container.borrow()
     }
 
+    pub(crate) fn set_policy_container(&self, policy_container: PolicyContainer) {
+        *self.policy_container.borrow_mut() = policy_container;
+    }
+
+    pub(crate) fn set_csp_list(&self, csp_list: Option<CspList>) {
+        self.policy_container.borrow_mut().set_csp_list(csp_list);
+    }
+
+    pub(crate) fn get_csp_list(&self) -> Option<CspList> {
+        self.policy_container.borrow().csp_list.clone()
+    }
+
     /// Add the policy container and HTTPS state to a given request.
     ///
     /// TODO: Can this hapen for all requests that go through the document?
@@ -3479,14 +3491,6 @@ impl Document {
         self.resize_observer_started_observing_target.set(value);
     }
 
-    pub(crate) fn set_csp_list(&self, csp_list: Option<CspList>) {
-        self.policy_container.borrow_mut().set_csp_list(csp_list);
-    }
-
-    pub(crate) fn get_csp_list(&self) -> Option<CspList> {
-        self.policy_container.borrow().csp_list.clone()
-    }
-
     /// Prevent any JS or layout from running until the corresponding call to
     /// `remove_script_and_layout_blocker`. Used to isolate periods in which
     /// the DOM is in an unstable state and should not be exposed to arbitrary