LavaMoat / snow

Use Snow to finally secure your web app's same origin realms!
https://lavamoat.github.io/snow/demo/
MIT License

Hook Workers to appropriately treat Blobs completely #89

Closed weizman closed 1 year ago

weizman commented 1 year ago

Working on #88 to improve Blobs handling, I realized that my fix attempt reopens an issue from the past. Back then, the only way we could think of to handle this issue was to block blobs altogether. I now realize I might have a different idea of how to handle that past issue.

As linked above, the problem was that a blob URL can be created inside a Worker, where Snow can't reach, and the created URL can then just be passed back to top using postMessage and turned into an iframe.

This is tricky because blob URLs are a unique animal. They are not about:blank so their load is allegedly not sync, but their inner HTML & JS executes before external load events since a blob is a local resource.

This is the worst thing that could happen to Snow's current arch.

To solve this, I can simply make workers unable to create blobs/url objects in the first place. I can do so because if a worker is created out of a blob, that blob is for sure a JS file, so I can just replace it with my own blob JS file. My replacement will simply run some protection code and afterwards will load the original JS. The other way to load a Worker is from a remote resource of course, but that is out of Snow's scope.

weizman commented 1 year ago

If disallowing creation of URL object in Web Workers the way Snow does in https://github.com/LavaMoat/snow/pull/89 prevents your application from running correctly, please share so in this thread so we can discuss the problem and understand how to best deal with it.
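
A sketch of the approach described in the first comment, added here as an example and not taken from Snow's code: the page-side `Worker` constructor is wrapped so that a worker started from a `blob:` URL gets a replacement blob that runs protection code and then loads the original script. The names `PRELUDE`, `buildWrapperSource` and `hookWorker` are hypothetical, and modelling the protection as making `Blob` and `URL.createObjectURL` throw inside the worker is an assumption.

```javascript
// Added example, not Snow's implementation; all names here are hypothetical.

// Source that runs first inside the worker. Assumption: "unable to create
// blobs/url objects" is modelled by making Blob and URL.createObjectURL throw.
const PRELUDE = `(function (scope) {
  const deny = (name) => function () { throw new Error(name + ' is blocked in this worker'); };
  const lock = (obj, key, name) => Object.defineProperty(obj, key,
    { value: deny(name), writable: false, configurable: false });
  lock(scope.URL, 'createObjectURL', 'URL.createObjectURL');
  lock(scope, 'Blob', 'Blob');
})(self);
`;

// Replacement script: protection code first, then the original blob's JS.
// importScripts exists only in classic workers, so module workers are not covered.
function buildWrapperSource(originalUrl) {
  return PRELUDE + 'importScripts(' + JSON.stringify(originalUrl) + ');\n';
}

// Wrap scope.Worker so every blob: URL is swapped for a wrapper blob.
// Other URLs pass through untouched (remote worker scripts are out of scope).
function hookWorker(scope) {
  const NativeWorker = scope.Worker;
  const NativeBlob = scope.Blob;
  // Capture the native function now, before anything else can replace it.
  const createObjectURL = scope.URL.createObjectURL.bind(scope.URL);

  function HookedWorker(url, options) {
    let target = String(url);
    if (target.toLowerCase().startsWith('blob:')) {
      const wrapper = new NativeBlob([buildWrapperSource(target)],
        { type: 'text/javascript' });
      target = createObjectURL(wrapper);
    }
    // Returning an object from a constructor makes `new HookedWorker()` yield it.
    return new NativeWorker(target, options);
  }
  HookedWorker.prototype = NativeWorker.prototype; // keeps instanceof checks working
  scope.Worker = HookedWorker;
  return HookedWorker;
}
```

In a page this would be installed with `hookWorker(window)` before any application script can create a worker.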