Add Origin isolation test for user-provided IPFS Gateway #14156

Closed
lidel opened this issue Feb 15, 2021 · 1 comment
Labels
closed/by-author feature/web3/ipfs OS/Android Fixes related to Android browser functionality OS/Desktop

lidel commented Feb 15, 2021

Brave should verify whether a gateway entered by the user provides Origin-per-CID.
This is paramount for basic isolation between websites loaded via ipfs:// and ipns:// when a public gateway is selected as a resolver.

Test script

Assuming user entered "https://dweb.link" as their gateway:

  1. Make HTTP GET request for https://dweb.link/ipfs/bafkqaaa
  2. Inspect the response
    • Status code should be a 301 redirect (200 means failure – lack of origin isolation)
    • Location header should point at a subdomain: https://bafkqaaa.ipfs.dweb.link/

If needed, https://cf-ipfs.com can be used as an alternative name for tests.

Why "bafkqaaa"

The weirdly short "bafkqaaa" is a handy CID we use for various tests: it represents a zero-length "identity" multihash, so in other words "". Its main property is that it does not trigger a DHT lookup, because the empty byte array is inlined into the identifier itself, so the test is instant, and the payload is empty, so we can use a regular GET instead of HEAD.

Expected behavior

  • Brave should refuse to accept custom gateways entered by the user unless they pass this test.
    • If a gateway fails to pass this test, display an error along these lines: "Provided IPFS gateway does not provide origin isolation per CID and can't be used in browser context"

cc #13683 #13751 @bbondy @spylogsster

@lidel lidel added OS/Android Fixes related to Android browser functionality OS/Desktop labels Feb 15, 2021
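
The test script from the first comment, as an added example (not Brave's code and not part of the original issue). `checkOriginIsolation` and `probeGateway` are hypothetical names, and requiring the redirect to keep the gateway's scheme is an assumption that goes beyond the issue text.

```javascript
const TEST_CID = 'bafkqaaa'; // zero-length identity CID named in the issue

// Evaluate the response to GET <gateway>/ipfs/<cid> (hypothetical helper).
function checkOriginIsolation(gatewayUrl, status, location, cid = TEST_CID) {
  const gateway = new URL(gatewayUrl);
  if (status === 200) {
    // Content came back on the gateway's own origin: every CID shares it.
    return { ok: false, reason: 'content served on the gateway origin itself' };
  }
  if (status !== 301) {
    return { ok: false, reason: `unexpected status ${status}` };
  }
  if (!location) {
    return { ok: false, reason: '301 without a Location header' };
  }
  let target;
  try {
    // Location may be relative; resolve it against the URL that was requested.
    target = new URL(location, new URL(`/ipfs/${cid}`, gateway));
  } catch {
    return { ok: false, reason: 'unparseable Location header' };
  }
  // URL parsing lowercases hostnames, so a plain comparison is enough.
  const expectedHost = `${cid}.ipfs.${gateway.host}`;
  if (target.host !== expectedHost) {
    return { ok: false, reason: `redirect to ${target.host}, expected ${expectedHost}` };
  }
  // Assumption beyond the issue text: the redirect must keep the gateway's scheme.
  if (target.protocol !== gateway.protocol) {
    return { ok: false, reason: `scheme changed to ${target.protocol}` };
  }
  return { ok: true, reason: `isolated origin ${target.origin}` };
}

// Live probe. Assumes Node 18+, where fetch with redirect: 'manual'
// exposes the redirect's status code and Location header.
async function probeGateway(gatewayUrl, cid = TEST_CID) {
  const res = await fetch(new URL(`/ipfs/${cid}`, gatewayUrl), { redirect: 'manual' });
  return checkOriginIsolation(gatewayUrl, res.status, res.headers.get('location'), cid);
}
```

A 301 that stays on the gateway host, such as a trailing-slash redirect to `/ipfs/bafkqaaa/`, is rejected just like a 200, because the content would still load on the shared origin.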
lidel commented Sep 20, 2021

@spylogsster I believe a more modern check was implemented in #16999 and this can be closed.

The only thing I would change is to improve the label – filed #18212 for that.
