Fixed warning about data: URIs in location bar

[privatzee]

Test plan

#7865 (comment)

---

Did you search for similar issues before submitting this one?
yes
Describe the issue you encountered:
@willy-b aptly demonstrated in #4798 how it can be handy to use something like:
data:text/html,<script>alert("no crash")</script> as a demonstration
But while most/all browsers allow that, NoScript forbids it.
Expected behavior:
for a security oriented browser, don't allow that.

• Brave Version:
  0.12.4
• Steps to reproduce:
  1. paste into URL bar:
     data:text/html,<script>alert("no crash")</script>
• Screenshot if needed:
  
• Any related issues:
  E.g., a very long stand-alone phishing page can be contained in the URL bar and get rendered in the browser. You don't have to ever visit an actual malicious website. Also, using a URL shortening service can make it all seem innocent as it gets passed around in email.,

See: https://nakedsecurity.sophos.com/2012/08/31/phishing-without-a-webpage-researcher-reveals-how-a-link-itself-can-be-malicious/

[diracdeltas]

as you mentioned, this is allowed in all major browsers, but i think it's a good suggestion for data: and javascript: scripts to be blocked when noscript mode is on in Brave. note that we also allow scripts in local files even when noscript is on.

[diracdeltas]

setting a milestone because chrome now flags data as insecure

[diracdeltas]

note that, like Chrome, we disable 'javascript:' urls in the urlbar - it does a search instead using the default search engine.