Add Size Leaks

[manuelvsousa]

Size Leaks are very important XS-Leaks. They are often addressed in the browser when researchers find exact ways to leak the size. Some mechanisms that still work:

• Cache Timing (Original Ref) can be used to predict the size of a request.

Fixed, but relevant works (we should document them):

• Flash Size Leaks. Flash is going to be removed by the end of the year Ref1, Ref2 (currently is under strict user permissions)
• Attackers could abuse the way browsers use cache limits (Ref1 & Ref2) to predict the size of a resource using Cache API (Ref1 & Ref2). Browsers fixed this issue by adding random noise (Ref1-Chrome & Ref2-Firefox)
• Video and Audio Parsing. This also involves CORB and CORP.
• HEIST. I believe the fix was the same as the one in cache limits Ref1 & Ref2)

[NDevTK]

@manuelvsousa did "HEIST" get fixed it seems like window navigations should bypass "SameSite cookies" from https://github.com/w3c/resource-timing/issues/64#issuecomment-242785022 Considering the SharedArrayBuffer can be used to create a high precision clock https://github.com/whatwg/storage/issues/31 may not be enough to prevent this. https://xsleaks.dev/docs/attacks/timing-attacks/network-timing/#unload-events

[NDevTK]

Created https://github.com/xsleaks/wiki/pull/114 for compression attacks.