Correct event_target for CSP violations (#36887)

All logic is implemented in `report_csp_violations` to avoid
pulling in various element-logic into SecurityManager.

Update the `icon-blocked.sub.html` WPT test to ensure that
the document is the correct target (verified in Firefox and Chrome).

Fixes #36806

Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>

tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-self/script-tag.http.html.ini

@@ -1,13 +1,4 @@
 [script-tag.http.html]
-  [Content Security Policy: Expects blocked for script-tag to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation]
-    expected: FAIL
-
-  [Content Security Policy: Expects blocked for script-tag to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation]
-    expected: FAIL
-
-  [Content Security Policy: Expects blocked for script-tag to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation]
-    expected: FAIL
-
   [Content Security Policy: Expects blocked for script-tag to same-http origin and swap-origin redirection from http context.]
     expected: FAIL
 

tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-self/script-tag.https.html.ini

@@ -1,13 +1,4 @@
 [script-tag.https.html]
-  [Content Security Policy: Expects blocked for script-tag to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
-    expected: FAIL
-
-  [Content Security Policy: Expects blocked for script-tag to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
-    expected: FAIL
-
-  [Content Security Policy: Expects blocked for script-tag to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
-    expected: FAIL
-
   [Content Security Policy: Expects blocked for script-tag to same-https origin and swap-origin redirection from https context.]
     expected: FAIL