Implement fetch metadata headers (#33830)

* Implement sec-fetch-dest header

Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>

* Implement "is same site" algorithm

Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>

* Implement remaining sec-fetch-* headers

Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>

* Fix casing of header names

Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>

* Fix handling Destination::None in sec-fetch-dest

This also removes the comment about wanting to upgrade
to a newer content-security-protocol version because
the csp doesn't implement the "empty" case.

Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>

* Update WPT expectations

Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>

* Remove colon from spec comment

Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>

* Adjust expected default headers

Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>

* Fix test expectations

Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>

---------

Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>

components/net/tests/fetch.rs

@@ -1368,6 +1368,20 @@ fn test_fetch_with_devtools() {
         HeaderValue::from_static("gzip, deflate, br"),
     );
 
+    // Append fetch metadata headers
+    headers.insert(
+        HeaderName::from_static("sec-fetch-dest"),
+        HeaderValue::from_static("empty"),
+    );
+    headers.insert(
+        HeaderName::from_static("sec-fetch-mode"),
+        HeaderValue::from_static("no-cors"),
+    );
+    headers.insert(
+        HeaderName::from_static("sec-fetch-site"),
+        HeaderValue::from_static("same-origin"),
+    );
+
     let httprequest = DevtoolsHttpRequest {
         url: url,
         method: Method::GET,