This feature is getting to big for a single code review so I'm splitting it up.
This is all behind the experimental CSP features flag.

What is covered:
The 'navigate-to' directive is now parsed and understood
The navigation relevant directives are passed as part of common params
A navigation csp context is created out of the navigation relevant directives
This navigation csp context is used to perform the 'navigate-to' checks

What is not covered but I will cover in future CRs:
securitypolicyviolation events are raised on the wrong host because we don't know
what the initiator is
CSP reports are sent using the current frame host as an intermediary which has
negative security implications
There are no WPT tests for the 'unsafe-allow-redirects' flag, only unit tests

I2S: https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/EJ4xF_DwZyk
Spec: https://w3c.github.io/webappsec-csp/#directive-navigate-to

Bug: 805886
Change-Id: Iaab324163dbe7389dcd440afa1ee51c0de215401

TBR=jochen@chromium.org

Change-Id: Iaab324163dbe7389dcd440afa1ee51c0de215401
Reviewed-on: https://chromium-review.googlesource.com/957726
Commit-Queue: Andy Paicu <andypaicu@chromium.org>
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Cr-Commit-Position: refs/heads/master@{#559026}