Disable web payments API on blob: and data: schemes.

      This patch makes PaymentRequest.show() always reject with
NotSupportedError and PaymentRequest.canMakePayments() always return
false on origins that are not either localhost, file://, or
cryptographic scheme.

BUG=717476

Review-Url: https://codereview.chromium.org/2859613002
Cr-Commit-Position: refs/heads/master@{#469991}