Stripping preload hints applies to disallowed and unauthorized resources

[jeffkaufman]

Currently we strip preload hints if they look like:

   <link rel=subresource src=...>                                         
   <link rel=preload src=...>                                   

Preload hints are actually documented to use href and not src: https://w3c.github.io/preload/

[jeffkaufman]

Actually, it's worse than that. We strip preload hints if they look like:

   <link rel=subresource ...>                                         
   <link rel=preload ...>

unless they contain src= that points to a resource we're not allowed to rewrite (unauthorized domain or disallowed).