Fix cookie exclusion for fetch CORS pre-flight requests (fixes #3596)

Cookies (and other credentials) will be excluded when appropriate by
downgrading |credentials_mode| from kSameOrigin to kOmit.

Improve logic for Origin header inclusion, including a fix for
Referrer/Origin calculation in URLRequestJob::ComputeReferrerForPolicy
when used with custom standard schemes.

Specify correct CookiePartitionKeyCollection when loading cookies.

To test:
- Run tests from https://browseraudit.com/ with and without
  `--disable-request-handling-for-testing`. Results are the same.
- Run `ceftests --gtest_filter=CorsTest.*`.

libcef/browser/net_service/cookie_helper.cc

@@ -249,11 +249,19 @@ void LoadCookies(const CefBrowserContext::Getter& browser_context_getter,
     return;
   }
 
+  net::CookiePartitionKeyCollection partition_key_collection;
+  if (request.trusted_params.has_value() &&
+      !request.trusted_params->isolation_info.IsEmpty()) {
+    partition_key_collection = net::CookiePartitionKeyCollection::FromOptional(
+        net::CookiePartitionKey::FromNetworkIsolationKey(
+            request.trusted_params->isolation_info.network_isolation_key()));
+  }
+
   CEF_POST_TASK(
       CEF_UIT,
       base::BindOnce(LoadCookiesOnUIThread, browser_context_getter, request.url,
                      GetCookieOptions(request, /*for_loading_cookies=*/true),
-                     net::CookiePartitionKeyCollection(), allow_cookie_callback,
+                     std::move(partition_key_collection), allow_cookie_callback,
                      std::move(done_callback)));
 }