Worker: Move UpgradeInsecureRequest() to PopulateResourceRequest()

Currently, UpgradeInsecureRequest() is called in
WorkerFetchContext::PrepareRequest(), which is called after
mixed content check.
Therefore, insecure requests are blocked as mixed content
before upgraded.

This CL moves the UpgradeInsecureRequest() call to
WorkerFetchContext::PopulateResourceRequest(), which is called
before mixed content check.
This is also consistent with FrameFetchContext, where
insecure request is upgraded in
FrameFetchContext::PopulateResourceRequest().

Bug: 880986, 880023, 880015, 880027
Change-Id: I983a40eebda8d04698b70d8c29e3707d4dcdf838
Reviewed-on: https://chromium-review.googlesource.com/1205750Reviewed-by: Hiroki Nakagawa <nhiroki@chromium.org>
Commit-Queue: Hiroshige Hayashizaki <hiroshige@chromium.org>
Cr-Commit-Position: refs/heads/master@{#589478}

third_party/blink/renderer/core/loader/worker_fetch_context.cc

@@ -301,8 +301,6 @@ void WorkerFetchContext::PrepareRequest(ResourceRequest& request,
   DCHECK(!user_agent.IsNull());
   request.SetHTTPUserAgent(AtomicString(user_agent));
 
-  FrameLoader::UpgradeInsecureRequest(request, global_scope_);
-
   WrappedResourceRequest webreq(request);
   web_context_->WillSendRequest(webreq);
 }
@@ -399,6 +397,7 @@ void WorkerFetchContext::PopulateResourceRequest(
     const ClientHintsPreferences& hints_preferences,
     const FetchParameters::ResourceWidth& resource_width,
     ResourceRequest& out_request) {
+  FrameLoader::UpgradeInsecureRequest(out_request, global_scope_);
   SetFirstPartyCookieAndRequestorOrigin(out_request);
 }