PSA: Aligning Resource Timing's transferSize with the spec

[Yoav Weiss]

Hey all,

I have a pending CL to address crbug/1185801 and align ResourceTiming's implementation with the spec. In the process of implementing it, I also realized that the fetch spec is lacking an extra cache state, and I'm working on rectifying that.

Aligning RT to the spec here would mean that response header sizes will no longer be directly exposed, even for same origin resources or resources with Timing-Allow-Origin headers. This is because it seems unsafe to expose header sizes directly. 

It also means that redirect chains won't count towards the size exposed in `transferSize`. While we could specify and accumulate redirect body sizes, it seems like we'd be better off reporting redirects directly in the future, in case it becomes a priority.

This change is web observable for folks that'd try really hard to do so (e.g. by adding header sizes to JS on the server side, and then verify that `transferSize-encodedBodySize` doesn't match that value).

At the same time, it's hard to imagine content relying on this, so I believe a PSA is sufficient in this case. Let me know if you think otherwise.

Cheers,
Yoav