Move 401/407 into the network realm

This commit makes the following changes:

* Moves 401 and 407 handling into the network realm. That way 401 and
407 responses from service worker just surface at the API level rather
than potentially triggering new network activity.
* That means only responses with redirect statuses have special
semantics when they come from a service worker.
* Only when redirects are automatically followed should we set the
skip-service-worker flag, otherwise we negatively affect navigations.
(Note #362 for follow up work regarding foreign fetch, which is still
somewhat broken.)
* This also removes the requirement that a 407 abides by the CORS
protocol, which was not entirely sensical.
* It makes various editorial corrections, for which I apologize as in
retrospect they make this harder to review.

Fixes #363 and fixes
w3c/ServiceWorker#793.

Author: annevk