Moved new query to 'experimental'

Moved lists of domains to data extensions, including adding those to the overall qlpack.yml

Expanded scope of new query to further domains operated by the untrusted owners of polyfill.io

javascript/ql/test/query-tests/Security/CWE-830/FunctionalityFromUntrustedSource.expected

@@ -5,4 +5,3 @@
 | StaticCreationOfUntrustedSourceUse.html:6:9:6:56 | <script>...</> | Script loaded using unencrypted connection. |
 | StaticCreationOfUntrustedSourceUse.html:9:9:9:58 | <iframe>...</> | Iframe loaded using unencrypted connection. |
 | StaticCreationOfUntrustedSourceUse.html:21:9:21:155 | <script>...</> | Script loaded from content delivery network with no integrity check. |
-| polyfill-nocheck.html:4:9:4:98 | <script>...</> | Script loaded from content delivery network with no integrity check. |

javascript/ql/test/query-tests/Security/CWE-830/PolyfillIOCompromisedScript.expected

@@ -1 +0,0 @@
-| polyfill-nocheck.html:4:9:4:98 | <script>...</> | Script loaded from known-compromised content delivery network with no integrity check. |

javascript/ql/test/query-tests/Security/CWE-830/PolyfillIOCompromisedScript.qlref

@@ -1 +0,0 @@
-Security/CWE-830/PolyfillIOCompromisedScript.ql

javascript/ql/test/query-tests/Security/CWE-830/polyfill-check.html

@@ -1,9 +0,0 @@
-<html>
-    <head>
-        <title>Polyfill demo - Cloudflare hosted with pinned version and integrity checking</title>
-        <script src="https://cdnjs.cloudflare.com/polyfill/v3/polyfill.min.js?version=4.8.0" integrity="sha384-3d4jRKquKl90C9aFG+eH4lPJmtbPHgACWHrp+VomFOxF8lzx2jxqeYkhpRg18UWC" crossorigin="anonymous"></script>
-    </head>
-    <body>
-        ...
-    </body>
-</html>

javascript/ql/test/query-tests/Security/CWE-830/polyfill-nocheck.html

@@ -1,9 +0,0 @@
-<html>
-    <head>
-        <title>Polyfill.io demo</title>
-        <script src="https://cdn.polyfill.io/v2/polyfill.min.js" crossorigin="anonymous"></script>
-    </head>
-    <body>
-        ...
-    </body>
-</html>