Make integrity="" work on module scripts

The primary normative content of this commit is that it fixes #2382 by
passing the integrity metadata to the fetch call for the top-level
module script, in <script type=module>.

However, the way it does this is via a larger refactoring, which is
setting the stage for #2315. It creates a new struct, the script fetch
options, which is now shared by both module and classic scripts. Storing
this for classic scripts is not currently useful, but will be for #2315
when, via import(), classic scripts are able to import module scripts,
and need these fetch options to do so.

This will also be useful for when we revive #2383, as
<link rel=modulepreload> can have referrerpolicy="" specified on it,
which will need to be passed down. (It would also be useful if we ever
do w3c/webappsec-referrer-policy#96 and add
referrerpolicy="" to <script>.) With this structure in place, it's a
simple matter of adding a referrer policy item to the script fetch
options.