Allow xhr.withCredentials to be set per request type

[davemevans]

As requested by Trevor Hunsaker on Slack.

[davemevans]

Trevor's actual use case was for requests to key server. Protection does not use XHRLoader so this won't fix that. Perhaps, then, this PR isn't needed but seems like it might be good to be able to, for instance, get MPD with credentials but not segments or something?

Trevor discovered that if you set "withCredentials": true in protData, withCredentials is set on the XHR.

[vzTrevorHunsaker]

I realized that my initial request overlooked something: during testing I'd manually set a cookie in my browser that was being sent back during the key request. This oversight didn't take into account that at some point I'll need to have the browser set the cookie, and the request for any XHR response that wishes to set a cookie will also need to be made with withCredentials == true. I was planning on sending the Set-Cookie header in the response to the MPD request. I just tested the branch from this pull request and was able to successfully set the cookie dynamically during the MPD request/response and see it sent back in the key requests.

As such, I'd like to still advocate for this pull request.