Top-level navigation requests use the document fetch destination. CSP's
effective directive algorithm does not list document as a handled fetch
request destination, but our fallback path treated it like an unknown
fetch destination and applied connect-src.
Return no effective fetch directive for document destinations. This lets
top-level navigation use the CSP navigation checks instead. Keep nested
navigation on the existing frame and iframe path, since HTML rewrites
such requests to the container local name when a navigable has a
container.
This makes https://reddit.com/ load instead of redirecting to a blocked
challenge reponse URL.
These are used by all the *-src attributes, to check if a given URL,
origin and redirect count matches a source list entry specified in
the *-src attribute's values, if it's allowed to.
