Add InsecureHttp and InsecureWs options

[andrewlock]

@tiesont flagged that we need http: and ws: for browserlink, so added the insecure options too:

• OverInsecureHttp()
• OverInsecureWs()

To try to discourage their use in general (because they allow insecure usage), added an analyzer to mark them as insecure. That said, it seemed weird to make them Warnings, so just added them as Info, the same as in #272. If you want to be safe, you can always increase the level:

dotnet_diagnostic.NEASPSH002.severity = warning

Also, small fix, moved the data: and blob: to the scheme source attribute

[github-actions]

Test Results

   39 files  ± 0     39 suites  ±0   28m 5s ⏱️ + 9m 3s
  261 tests + 4    261 ✅ + 4  0 💤 ±0  0 ❌ ±0 
3 393 runs  +52  3 393 ✅ +52  0 💤 ±0  0 ❌ ±0 

Results for commit 0e31fe0. ± Comparison against base commit 6151e94.

This pull request removes 1 and adds 5 tests. Note that renamed tests count towards both.

SourceGenerator.Test.ContentSecurityPolicyGeneratorTests ‑ CanGenerateEnumExtensionsInGlobalNamespace

SourceGenerator.Test.ContentSecurityPolicyGeneratorTests ‑ CanGenerateCspMixinsInGlobalNamespace
SourceGenerator.Test.InsecureApiAnalyzerTests ‑ EmptySource
SourceGenerator.Test.InsecureApiAnalyzerTests ‑ UsageOfExtensionMethodWithAttribute
SourceGenerator.Test.InsecureApiAnalyzerTests ‑ UsageOfExtensionMethodWithoutAttribute
SourceGenerator.Test.InsecureApiAnalyzerTests ‑ UsageOfMethodWithAttribute