This CL uses constructor origin for outside settings security origin.

Previously, we were using script_request_url to calculate security
origin because script url usually has the same origin with the
constructor.
However, it differs sometimes, for example, when script url is data URL.
By using constructor origin, HTTPState can be calculated correctly for
data URL and works as same as before for normal url like https://example.com.

In this CL, WPTs covers dynamic import and static import for data url
and HTTP(s) Scheme scripts. WPTs for fetch API with data URL worker and
iframe is added from external Github.
Pull Request: https://github.com/web-platform-tests/wpt/pull/21877
(This PR is already merged.)

Bug: 1048619, 881202
Change-Id: I78ef9a501b80fe03ad8b3d59d5e6b4d3b8ba2f6e
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2046803
Commit-Queue: Eriko Kurimoto <[email protected]>
Reviewed-by: Kinuko Yasuda <[email protected]>
Reviewed-by: Hiroki Nakagawa <[email protected]>
Cr-Commit-Position: refs/heads/master@{#744947}