Re: [ServiceWorker] Make secure context requirements more explicit (#754)

Applied the requirements as discussed so far: 002eba5cbe5df856f86ee450d1b9de07870c1ecd. (Discussed further with @slightlyoff and made it to use "must" for all):

> Service workers must execute in secure contexts. Service worker clients must also be secure contexts to register a service worker registration, to get access to the service worker registrations and the service workers, to do messaging with the service workers, and to be manipulated by the service workers.

- Summary
```
// Disallow register
ServiceWorkerContainer.register() // reject with SecurityError exception

// Disallow the access to registrations and service workers
ServiceWorkerContainer.controller // return undefined.
ServiceWorkerContainer.ready // reject with SecurityError exception 
ServiceWorkerContainer.getRegistration() // reject with SecurityError exception
ServiceWorkerContainer.getRegistrations() // reject with SecurityError exception

// Disallow getting a controller
Handle Fetch step 12.1 returns null when request.client is not a secure context
Clients.claim() // skip the clients which is not secure contexts

// Disallow the access to non-secure clients
Clients.matchAll() // skip the clients which is not secure contexts

// Disallow the access to cache objects (which the spec already does).
CacheStorage.match() // reject with SecurityError exception
CacheStorage.has() // reject with SecurityError exception
CacheStorage.open() // reject with SecurityError exception
CacheStorage.delete() // reject with SecurityError exception
CacheStorage.keys() // reject with SecurityError exception

// Disallow messaging between non-secure SW and non-secure clients
Done by essentially preventing the access to those objects
```

---
Reply to this email directly or view it on GitHub:
https://github.com/slightlyoff/ServiceWorker/issues/754#issuecomment-147584203