Detect cross-origin visit request attempts

[jayohms]

This is the corresponding PR to the same turbo-android issue outlined in https://github.com/hotwired/turbo-android/pull/325

The core turbo.js library does not permit cross-origin visit requests (i.e. a link that redirects to an external domain). These requests call the adapter method visitRequestFailedWithStatusCode(visit, statusCode) for all platforms.

To handle this in the browser adapter, non-HTTP status code failures update the window.location so the browser can handle the top-level redirect. The browser adapter does not actually know whether a cross-origin redirect was attempted, since the CORS policy restricts requests to the same-origin, but updating the window.location directly bypasses needing this knowledge.

The mobile adapters, however, can't just update the window.location — a new visit needs to be proposed so the native app can decide how to handle the external url request. This PR finds any potential cross-origin redirect locations when a visit request fails with a non-HTTP status code and proposes the external redirect location as a new visit.

Fixes #200

Test with the demo branch: https://github.com/hotwired/turbo-native-demo/pull/34

[jayohms]

@joemasilotti @svara @olivaresf Can you give this a review and let me know if the way to pop the backstack for a visitable that leads to a cross-origin redirect is the best impementation? (Updated demo web branch linked in the PR description.)

[pfeiffer]

Added a PR in #203 implementing the session delegate for handling cross-origin redirects.

[joemasilotti]

Closed in favor of #203.