Implement the `require-sri-for` CSP directive

third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/require-sri-for/require-sri-for-script-preload-allowed.php

+<!doctype html>
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+// TODO(mkwst) extend the policy when preload supports SRI
+<meta http-equiv="Content-Security-Policy" content="require-sri-for; script-src 'self' 'unsafe-inline'">
+<link rel="preload" href="not-ran.js" as="script">
+</head>
+<script>
+        var executed_test = async_test("Script that requires integrity executes and does not generate a violation report.");
+        document.addEventListener('securitypolicyviolation', executed_test.unreached_func("No report should be generated."));
+        var t = async_test('Makes sure that require-sri-for applies to preloaded resources.');
+    window.addEventListener("load", t.step_func(function() {
+        var entries = performance.getEntriesByType("resource");
+        assert_equals(entries.length, 4);
+        t.done();
+    }));
+    executed_test.done();
+</script>
+<script crossorigin integrity="sha384-SOGIJ0vOWzweNE6RLF/TOXGmPzCxF5+dNuBP4x1NgnKsfC4yFCVIDJILalTMwUrp" src="ran.js"></script>
+