This CL adds a lookalike navigation browser test for signed exchanges.
The current lookalikes code blocks signed exchanges in both of the
following cases:
- The target URL of the SGX package is a lookalike
- The URL that serves the SGX is a lookalike

For the first case, the test navigates to a signed exchange URL that
serves a SGX for google-com.example.org and checks that the URL is
blocked by the target embedding heuristic. The second case serves the
SGX from google-com.example.org and checks that it's blocked.

There is an argument to be made for the latter case to not be blocked
since the URL that serves the SGX is never seen by the user during
normal browsing such as clicking links. However, there is still a chance
that such a URL is shared from outside Chrome (e.g. coming in an email).
We still want to block those cases.

Additionally, detecting that a navigation will end up as a SGX isn't
trivial as the SGX package needs to be fully validated before its
contents can be displayed. It might be too late to block the original
navigation by the time the SGX is validated. This needs to be confirmed
and might be changed in follow up CLs.

Bug: 1110151
Change-Id: I2b2e4841eb142b3f2d1c1cedf82138f578e770a4
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2386429
Commit-Queue: Mustafa Emre Acer <meacer@chromium.org>
Reviewed-by: Joe DeBlasio <jdeblasio@chromium.org>
Cr-Commit-Position: refs/heads/master@{#804412}