
Specify resolver source to avoid using system resolver for CNAME adblocking #7731

Merged
merged 1 commit into master from doh-leak
Jan 28, 2021

Conversation

darkdh
Member

@darkdh darkdh commented Jan 28, 2021

Resolves brave/brave-browser#12575

In HostResolverManager::CreateTaskSequence

```cpp
// Excerpt from Chromium's HostResolverManager::CreateTaskSequence
// (net/dns/host_resolver_manager.cc); surrounding code is elided.
...
if ((flags & HOST_RESOLVER_CANONNAME) && IsAddressType(dns_query_type)) {
  // CANONNAME request with no explicit resolver source: the task sequence
  // is the system resolver (PROC), so the query bypasses DoH.
  out_tasks->push_back(TaskType::PROC);
} else if (!ResemblesMulticastDNSName(hostname)) {
...
```

If we specify a CNAME query without specifying a source, it will use the system resolver.
https://chromium.googlesource.com/chromium/src.git/+/541a90cc3bf250ce66fdcc31feae3e78370765b6%5E%21/

Submitter Checklist:

  • There is a ticket for my issue.
  • Used GitHub auto-closing keywords in the commit message.
  • Wrote a good PR/commit description
  • Added appropriate labels (QA/Yes or QA/No; release-notes/include or release-notes/exclude; OS/...) to the associated issue
  • Checked the PR locally: npm run test -- brave_browser_tests, npm run test -- brave_unit_tests, npm run lint, npm run gn_check, npm run tslint
  • Ran git rebase master (if needed).
  • Requested a security/privacy review as needed.

Reviewer Checklist:

  • New files have MPL-2.0 license header.
  • Adequate test coverage exists to prevent regressions
  • Major classes, functions and non-trivial code blocks are well-commented
  • Changes in component dependencies are properly reflected in gn
  • Code follows the style guide
  • Test plan is specified in PR before merging

After-merge Checklist:

Test Plan:

  1. Launch Brave and go to brave://settings/security
  2. Change DOH setting to secure, not automatic [screenshot: Screen Shot 2021-01-27 at 16 33 44]
  3. Open wireshark and use dns filter and start recording
  4. Open a tab and navigate to https://tools.ietf.org/
  5. There shouldn't be any UDP dns query of tools.ietf.org in wireshark
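Step 5 of the test plan is a manual check in Wireshark. The following is an added example, not code from this PR or from Brave or Chromium, that performs the same check over a DNS capture exported to text: it flags any plaintext port-53 query (the system resolver path) for a watched hostname while leaving encrypted DoH traffic alone. The capture format (`<transport> <dst_ip>:<dst_port> <query name or ->`) and both sample captures are constructed for the example; a real capture would be exported from tshark or Wireshark and converted to this shape.

```python
from dataclasses import dataclass
from typing import Iterable, List

# Constructed sample captures (not real traffic). Each line is
# "<transport> <dst_ip>:<dst_port> <query name or ->". Encrypted DoH
# traffic on 443 carries no visible query name, so it is recorded as "-".
LEAKY_CAPTURE = """\
tcp 1.1.1.1:443 -
udp 192.168.1.1:53 tools.ietf.org
tcp 1.1.1.1:443 -
"""

CLEAN_CAPTURE = """\
tcp 1.1.1.1:443 -
tcp 1.1.1.1:443 -
tcp 1.1.1.1:443 -
"""


@dataclass(frozen=True)
class DnsRecord:
    transport: str
    dst_ip: str
    dst_port: int
    qname: str  # "" when no name is visible (encrypted transport)


def parse_capture(text: str) -> List[DnsRecord]:
    """Parse the constructed capture format into records; blank and '#' lines are skipped."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        transport, dst, qname = line.split()
        ip, port = dst.rsplit(":", 1)
        name = "" if qname == "-" else qname.lower().rstrip(".")
        records.append(DnsRecord(transport.lower(), ip, int(port), name))
    return records


def is_plaintext_dns(rec: DnsRecord) -> bool:
    """Classic DNS on UDP or TCP port 53 is what the system resolver emits."""
    return rec.transport in ("udp", "tcp") and rec.dst_port == 53


def name_matches(qname: str, watched: str) -> bool:
    """Match the watched host exactly or any name beneath it."""
    watched = watched.lower().rstrip(".")
    return qname == watched or qname.endswith("." + watched)


def find_plaintext_queries(text: str, watched_hosts: Iterable[str]) -> List[str]:
    """Return the query names of plaintext DNS queries for any watched host,
    in capture order. An empty list means no leak was observed for those hosts."""
    watched = [h for h in watched_hosts]
    leaks = []
    for rec in parse_capture(text):
        if not is_plaintext_dns(rec) or not rec.qname:
            continue
        if any(name_matches(rec.qname, w) for w in watched):
            leaks.append(rec.qname)
    return leaks


if __name__ == "__main__":
    for label, capture in (("leaky", LEAKY_CAPTURE), ("clean", CLEAN_CAPTURE)):
        leaks = find_plaintext_queries(capture, ["tools.ietf.org"])
        print(f"{label}: {'LEAK ' + ', '.join(leaks) if leaks else 'no plaintext query for watched host'}")
```

The check is scoped to the watched hostname rather than to "any port-53 packet" because that is what step 5 asks for; widening it to every plaintext query is a one-line change to `find_plaintext_queries` if a stricter pass is wanted.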

@iefremov
Contributor

@darkdh would be nice to have a browser test for this, can we craft one?

@darkdh
Member Author

darkdh commented Jan 28, 2021

@iefremov I can only do MockNetworkContext and MockHostResolver and check the parameter in MockHostResolver::ResolveHost, is that sufficient? But if net::HostResolverManager somehow changes the logic, this test case will still succeed, it won't catch anything. And mocking things in net::HostResolverManager would be the scope of testing net::HostResolverManager, see net/dns/host_resolver_manager_unittest.cc

@darkdh
Member Author

darkdh commented Jan 28, 2021

Signing errors on Windows can be ignored:
https://ci.brave.com/job/pr-brave-browser-doh-leak-windows/3/execution/node/227/log/

I will do follow-up changes for a test if we have a proper way to test this behavior.

@darkdh darkdh merged commit 1452cae into master Jan 28, 2021
@darkdh darkdh deleted the doh-leak branch January 28, 2021 22:41
@darkdh darkdh added this to the 1.21.x - Nightly milestone Jan 28, 2021
bbondy pushed a commit that referenced this pull request Feb 19, 2021
Specify resolver source to avoid using system resolver for CNAME adblocking
Successfully merging this pull request may close these issues.

Brave Leaks ISP DNS While Shields are Enabled