CORS: Safelist Last-Event-ID

https://bugs.webkit.org/show_bug.cgi?id=289396

This change has been discussed in whatwg/fetch#568
and the proposed spec change is available at whatwg/fetch#568
Changes to web platform tests that reflect the change are also available at
web-platform-tests/wpt#49257, thus no change to tests in this PR.

Reviewed by NOBODY (OOPS!).

Adds another rule for `Last-Event-ID` that checks for CORS-unsafe request header bytes.

* Source/WebCore/platform/network/HTTPParsers.cpp:
(WebCore::isCrossOriginSafeRequestHeader):

Author: rexxars

Source/WebCore/platform/network/HTTPParsers.cpp

@@ -962,6 +962,10 @@ bool isCrossOriginSafeRequestHeader(HTTPHeaderName name, const String& value)
             return false;
         break;
     }
+    case HTTPHeaderName::LastEventID:
+        if (containsCORSUnsafeRequestHeaderBytes(value))
+            return false;
+        break;
     case HTTPHeaderName::Range:
         long long start;
         long long end;