merge_pr_56537

@github-actions github-actions released this 05 Dec 21:02

Blink: Add lifecycle regression test for about:srcdoc iframes

See https://crbug.com/40937729 for the exploration that led to this
regression test.

Specifically see this comment thread [1] for discussion about the fact
that Mojo callbacks are not supposed to be able to run on HeapMojoRemote
after the associated Document/execution context becomes inactive. This
bug is caused by the fact that we reuse the execution context/
LocalDOMWindow of the initial empty document for subsequent navigations.
This allows for IPCs that target the document to be scheduled, by
virtue of its now-reused Window still being alive. This causes mojo
callbacks to run on the detached document, which have the reasonable
expectation that the document is attached. See [2] for a full diagnosis
and write-up.

R=dcheng

Bug: 40937729
Change-Id: I2cf4766892b7f6ea2550ecd7dac8ab5548158cb6
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6148512
Reviewed-by: Daniel Cheng [email protected]
Commit-Queue: Dominic Farolino [email protected]
Cr-Commit-Position: refs/heads/main@{#1554835}