Freeze JS APIs on Ad-blocking scripts

[cuba]

Resolves brave/brave-browser#40173

Submitter Checklist:

• I confirm that no security/privacy review is needed and no other type of reviews are needed, or that I have requested them
• There is a ticket for my issue
• Used Github auto-closing keywords in the PR description above
• Wrote a good PR/commit description
• Squashed any review feedback or "fixup" commits before merge, so that history is a record of what happened in the repo, not your PR
• Added appropriate labels (QA/Yes or QA/No; release-notes/include or release-notes/exclude; OS/...) to the associated issue
• Checked the PR locally:
  • npm run test -- brave_browser_tests, npm run test -- brave_unit_tests wiki
  • npm run presubmit wiki, npm run gn_check, npm run tslint
• Ran git rebase master (if needed)

Reviewer Checklist:

• A security review is not needed, or a link to one is included in the PR description
• New files have MPL-2.0 license header
• Adequate test coverage exists to prevent regressions
• Major classes, functions and non-trivial code blocks are well-commented
• Changes in component dependencies are properly reflected in gn
• Code follows the style guide
• Test plan is specified in PR before merging

After-merge Checklist:

• The associated issue milestone is set to the smallest version that the
  changes has landed on
• All relevant documentation has been updated, for instance:
  • https://github.com/brave/brave-browser/wiki/Deviations-from-Chromium-(features-we-disable-or-remove)
  • https://github.com/brave/brave-browser/wiki/Proxy-redirected-URLs
  • https://github.com/brave/brave-browser/wiki/Fingerprinting-Protections
  • https://github.com/brave/brave-browser/wiki/Brave%E2%80%99s-Use-of-Referral-Codes
  • https://github.com/brave/brave-browser/wiki/Web-Compatibility-Exceptions-in-Brave
  • https://github.com/brave/brave-browser/wiki/QA-Guide
  • https://github.com/brave/brave-browser/wiki/P3A

Test Plan:

[Brandon-T]

You need to call secure object on these, just like on line 133.
Otherwise these do nothing.

[cuba]

well they keep people from changing the definition of URL to a string. Which is essentially what I want here. But calling secureObject on these results in the following errors:

TypeError: ProxyObject is not a constructor

[Brandon-T]

I'm okay with it, but I believe they can still technically change the original definition by re-defining the object's functions or w/e.

I'll see if I can add a proxy constructor trap. If it works then we can add it to this PR, if not, it's okay and I'll approve this.

[cuba]

just have to be careful here. some of these are used in our farbling script so these secure objects some will become available to the web page itself. Perhaps I shouldn't use these there but instead use window.. Or perhaps we shouldn't secure those specific APIs

[brave-builds]

A Storybook has been deployed to preview UI for the latest push