htmlvideoelement: Include security settings in poster image request (#36605)

This PR addresses [#36593](https://github.com/servo/servo/issues/36593),
where the poster image request for `<video>` elements lacked several
settings introduced in `RequestBuilder`. These settings —
`insecure_requests_policy`, `has_trustworthy_ancestor_origin`, and
`policy_container` — are now forwarded from the document, aligning
poster requests with other fetches using the correct policy container
and trust assessment.

This ensures that poster images are requested under the same security
assumptions as other media or resource loads.

---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by
`[X]` when the step is complete, and replace `___` with appropriate
data: -->
- [X] `./mach build -d` does not report any errors
- [X] `./mach test-tidy` does not report any errors
- [X] These changes fix #36593

<!-- Either: -->
- [X] There are tests for these changes

Signed-off-by: Emmanuel Elom <elomemmanuel007@gmail.com>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>
elomscansio 2025-04-20 02:46:09 +01:00 committed by GitHub
parent fad5447838
commit d05496277e
GPG key ID: B5690EEEBB952194
5 changed files with 37 additions and 4 deletions

@ -233,8 +233,10 @@ impl HTMLVideoElement {
.credentials_mode(CredentialsMode::Include)
.use_url_credentials(true)
.origin(document.origin().immutable().clone())
.pipeline_id(Some(document.global().pipeline_id()));
.pipeline_id(Some(document.global().pipeline_id()))
.insecure_requests_policy(document.insecure_requests_policy())
.has_trustworthy_ancestor_origin(document.has_trustworthy_ancestor_origin())
.policy_container(document.policy_container().to_owned());
// Step 5.
// This delay must be independent from the ones created by HTMLMediaElement during
// its media load algorithm, otherwise a code like
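Review bot: The three calls chained after `.pipeline_id(...)` copy the document's security settings onto the builder one by one, which is the same pattern that let this call site fall behind when those settings were introduced in `RequestBuilder`. Consider moving `insecure_requests_policy`, `has_trustworthy_ancestor_origin` and `policy_container` into a single helper that takes the document and applies all of them, so that a setting added later cannot be missed at one fetch site. If the chain stays as it is, a short comment above the three lines saying that they must mirror what other document-initiated fetches pass would help the next reader. Note also that `.policy_container(document.policy_container().to_owned())` takes a copy at the time the request is built. That is reasonable for a poster fetch, but it is worth stating in the comment that the request uses the policy in force when the fetch starts.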