The Vulnerability History Project

Prevent web content from forging File entries in drag and drop.

There are two separate bugs that this and the corresponding Chrome patch
aim to address:
- On Linux, files and URLs are transferred in the same MIME type, so
  it's impossible to tell if a filename was set by a trusted source or
  forged by web content.
- DownloadURL triggers the download of potentially cross-origin content.
  On some platforms, such as Windows, the resulting download is treated
  as a file drag by Chrome, allowing web content to read cross origin
  content.

In order to prevent web content from doing this, drags initiated by a
renderer will be marked as tainted. When tainted drags are over web
content, Blink will only allow the resulting filename to be used for
navigation, with Chrome enforcing this with the sandbox policy.

Unfortunately, this does break some potentially interesting use cases
like being able to drag an attachment from Gmail to a file input, but
those will have to be separately addressed, if possible.

BUG=346135
R=abarth@chromium.org, tony@chromium.org

Review URL: https://codereview.chromium.org/193803002

git-svn-id: svn://svn.chromium.org/blink/trunk@169711 bbb929c8-8fbe-4397-9dbb-9b2b20218538
commit 2978880d3b0a9de90f9a381bde941288f2649f71
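The two bugs and the taint rule above, modelled as an added example. This is illustration code, not Blink's or Chromium's implementation: the names parseDownloadURL, downloadIsCrossOrigin, makeDrag and applyTaintPolicy, the sample origins and the forged DownloadURL string are all assumptions made for this example. The one piece that is real is the shape of Chrome's DownloadURL drag type, "mimeType:fileName:url", which is what a hostile page passes to dataTransfer.setData in a dragstart handler.

```javascript
// Added example (not Blink/Chromium code): a model of the "tainted drag"
// policy from the commit message. All names and sample data are assumptions.

// Chrome's DownloadURL drag type is "mimeType:fileName:url". Only the first
// two colons delimit fields; the URL itself may contain further colons.
function parseDownloadURL(value) {
  const first = value.indexOf(':');
  const second = value.indexOf(':', first + 1);
  if (first < 0 || second < 0) return null;
  return {
    mimeType: value.slice(0, first),
    fileName: value.slice(first + 1, second),
    url: value.slice(second + 1),
  };
}

// Bug 2: the download target may be cross-origin to the page that set it.
function downloadIsCrossOrigin(downloadURL, pageOrigin) {
  const parsed = parseDownloadURL(downloadURL);
  if (!parsed) return false;
  return new URL(parsed.url).origin !== pageOrigin;
}

// Constructed sample: what a hostile page would put in a dragstart handler,
// e.g. ev.dataTransfer.setData('DownloadURL', FORGED_DOWNLOAD_URL).
const PAGE_ORIGIN = 'https://attacker.example';
const FORGED_DOWNLOAD_URL =
  'application/octet-stream:mail.txt:https://mail.example/inbox';

// A drag as the browser process sees it. `tainted` is true when the drag was
// initiated by a renderer (web content), false when it came from the OS shell,
// which is the only case where a File entry is known to be genuine.
function makeDrag({ tainted, files = [] }) {
  return { tainted, files: files.slice() };
}

// What a drop target may do with the drag. Untainted drags, and drags over
// browser UI rather than web content, keep full access. A tainted drag over
// web content never exposes File entries (or their contents) to the page;
// the filenames may only be used to drive a navigation.
function applyTaintPolicy(drag, target) {
  const navigableNames = drag.files.map((f) => f.name);
  if (!drag.tainted || target !== 'web-content') {
    return { files: drag.files.slice(), navigableNames };
  }
  return { files: [], navigableNames };
}

// Walkthrough: on a platform where the DownloadURL fetch becomes a file drag,
// the forged cross-origin download shows up as a File entry. Because the
// drag came from a renderer it is tainted, so the page gets no File objects.
function demo() {
  const parsed = parseDownloadURL(FORGED_DOWNLOAD_URL);
  const forgedFile = { name: parsed.fileName, data: '<cross-origin bytes>' };
  const tainted = applyTaintPolicy(
    makeDrag({ tainted: true, files: [forgedFile] }), 'web-content');
  const genuine = applyTaintPolicy(
    makeDrag({ tainted: false, files: [{ name: 'notes.txt', data: 'ok' }] }),
    'web-content');
  return {
    crossOrigin: downloadIsCrossOrigin(FORGED_DOWNLOAD_URL, PAGE_ORIGIN),
    taintedFiles: tainted.files.length,
    taintedNavigable: tainted.navigableNames,
    genuineFiles: genuine.files.length,
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(demo());
}
```

The policy function deliberately keys only on the origin of the drag, not on the data it carries: on Linux the File and URL types share one MIME type, so inspecting the payload cannot distinguish a genuine file from a forged one, which is exactly why the commit taints by initiator instead.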