script: Fix check for document root when targeting CSP events (#37474)

The check was incorrect, where it was never matching and always
discarding the element. Instead, we should check the owner document,
which is the shadow-including root of the node.

Part of #4577

---------

Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>

components/script/security_manager.rs

@@ -59,7 +59,7 @@ impl CSPViolationReportTask {
             &self.global.root(),
             Atom::from("securitypolicyviolation"),
             EventBubbles::Bubbles,
-            EventCancelable::Cancelable,
+            EventCancelable::NotCancelable,
             EventComposed::Composed,
             &self.violation_report.clone().convert(),
             can_gc,