Define security around Window, WindowProxy, and Location properly

This is a relative large change to the way Window, WindowProxy, and Location objects work, at least
from a standards perspective. This should more closely match implementations and define all their
relevant security details.

A rough summary of the changes:

* Window indexed getters have moved to WindowProxy.
* WindowProxy is now a JavaScript exotic object and it handles all the security aspects for Window
  so Window can become an ordinary object.
* Cross-origin named properties for Window are now exposed (though on WindowProxy).
* Location is now an exotic object with all its internal methods overridden to handle the
  cross-origin security aspects.
* Location no longer uses Unforgeable on the interface, allowing that to be removed from IDL. (It
  moved to all of its properties instead and the remaining details are defined through prose.)

This should also address these bugs:

* https://www.w3.org/Bugs/Public/show_bug.cgi?id=20701
* https://www.w3.org/Bugs/Public/show_bug.cgi?id=21674
* https://www.w3.org/Bugs/Public/show_bug.cgi?id=22346
* https://www.w3.org/Bugs/Public/show_bug.cgi?id=27128
* https://www.w3.org/Bugs/Public/show_bug.cgi?id=27502