Propagate destination through load_data (#37020)

This way, we don't always set the destination to Document (which is as
the spec is written today). Instead, we set it it in the load_data,
depending on which context we load it from.

Doing so allows us to set the `Destination::IFrame` for navigations in
iframes, enabling all frame-related CSP checks.

While we currently block iframes when `frame-src` or `child-src` is set,
their respective tests don't pass yet. That's because we don't yet
handle the cases
where we fire the correct `load` event.

Also update one WPT test to correctly fail, rather than erroring. That's
because it was using the wrong JS test variable.

Part of #4577

Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>

tests/wpt/meta/MANIFEST.json

@@ -567585,7 +567585,7 @@
       ]
      ],
      "frame-src-blocked.sub.html": [
-      "a4957f8715c4bdc0db9473caee3fc9f2e767fd71",
+      "76fcc2cbb536ba9ec0c8741ad9fe9af470165d32",
       [
        null,
        {}

tests/wpt/meta/content-security-policy/frame-src/frame-src-blocked.sub.html.ini

@@ -1,4 +1,3 @@
 [frame-src-blocked.sub.html]
-  expected: ERROR
   [Expecting logs: ["PASS IFrame #1 generated a load event.","violated-directive=frame-src"\]]
     expected: FAIL

tests/wpt/meta/content-security-policy/frame-src/frame-src-cross-origin-same-document-navigation.window.js.ini

@@ -1,4 +1,4 @@
 [frame-src-cross-origin-same-document-navigation.window.html]
-  expected: OK
+  expected: TIMEOUT
   [frame-src-cross-origin-same-document-navigation]
-    expected: FAIL
+    expected: TIMEOUT