Limit URL requests to whitelisted schemes in windows with Tor

[riastradh-brave]

In brave/brave-core#2647, to fix #4312, we lost some logic to block URL requests outside a small whitelist that are safe through Tor or don't need Tor:

  if (request_url.SchemeIsHTTPOrHTTPS()) {
    auto* proxy_service = ctx->request->context()->proxy_resolution_service();
    return tor_profile_service->SetProxy(proxy_service, request_url, false);
  } else if (request_url.SchemeIs(content::kChromeUIScheme) ||
             request_url.SchemeIs(extensions::kExtensionScheme) ||
             request_url.SchemeIs(content::kChromeDevToolsScheme)) {
    // No proxy for internal schemes.
    return net::OK;
  } else {
    return net::ERR_DISALLOWED_URL_SCHEME;
  }

brave/brave-core@d7db72e#diff-de4449937f0f4de57a0104b7b425bafbL47-L57

We should find a place to restore that so that we do not inadvertently allow URL requests with schemes that are unsafe through Tor. (It is conceivable that all URL schemes are safe, but this seems unlikely and requires a much more substantial audit than we have conducted in order to inspire confidence.)

[diracdeltas]

is this just a dupe of #4461 ?

[riastradh-brave]

For posterity: it is not quite a duplicate because #4461 is about external protocol handlers, while this is about internally handled protocols. But Anthony's change should fix both in one swell foop.