[WIP] Set Sec-Fetch-Mode from the network service.

In order to move `Sec-Fetch-Mode` into the network service to ensure
that it's consistently set every time `Sec-Fetch-Site` is set, this
patch does a few things:

1.  Based on the conversation in [1] and [2], this patch extends
    `network::mojom::RequestMode` to include two new values to
    represent nested navigations and object/embed navigations as
    distinct from main-frame navigations.

2.  It introduces a new `network::IsNavigationRequestMode()` function
    to replace direct comparisons to `kNavigate` in various parts of
    the codebase.

3.  It refactors `network::SetSecFetchSiteHeader()` into
    `network::SetFetchMetadataHeaders()`. This creates a single entry
    point from `URLLoader` to set all Fetch Metadata headers, and
    fleshes out the `Sec-Fetch-Mode` header.

[1]: w3c/webappsec-fetch-metadata#37
[2]: whatwg/fetch#755

Bug: 972263, 990864
Change-Id: Icd20c7640d3d08ecb34a739f0203140fdcc195d5

fetch/sec-metadata/appcache.tentative.https.sub.html

@@ -0,0 +1,22 @@
+<!DOCTYPE html>
+<html manifest="/fetch/sec-metadata/resources/record-header.py?file=appcache-manifest">
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src=/fetch/sec-metadata/resources/helper.js></script>
+<script src=/common/utils.js></script>
+<body></body>
+<script>
+  async_test(t => {
+    window.applicationCache.oncached = window.applicationCache.onnoupdate = window.applicationCache.onerror = t.step_func(e => {
+        fetch("/fetch/sec-metadata/resources/record-header.py?retrieve=true&file=appcache-manifest")
+          .then(t.step_func(response => response.text()))
+          .then(t.step_func_done(text => assert_header_equals(text, {
+            "dest": "",
+            "site": "same-origin",
+            "user": "",
+            "mode": "no-cors"
+          })))
+          .catch(t.unreached_func("Fetching and verifying the results should succeed."));
+    });
+  }, "Appcache!");
+</script>