LibWeb: Make HTMLIFrameElement.sandbox.supports() not throw

We have to list the set of allowed values for the DOMTokenList to not
throw when asking if one is supported.

This fixes an issue where YouTube embeds would hang indefinitely trying
to report an endless series of exceptions, seen on https://null.com/

Libraries/LibWeb/DOM/DOMTokenList.cpp

@@ -214,6 +214,7 @@ WebIDL::ExceptionOr<bool> DOMTokenList::supports(StringView token)
     static HashMap<FlyString, Vector<StringView>> supported_tokens_map = {
         // NOTE: The supported values for rel were taken from HTMLLinkElement::Relationship
         { HTML::AttributeNames::rel, { "alternate"sv, "stylesheet"sv, "preload"sv, "dns-prefetch"sv, "preconnect"sv, "icon"sv } },
+        { HTML::AttributeNames::sandbox, { "allow-downloads"sv, "allow-forms"sv, "allow-modals"sv, "allow-orientation-lock"sv, "allow-pointer-lock"sv, "allow-popups"sv, "allow-popups-to-escape-sandbox"sv, "allow-presentation"sv, "allow-same-origin"sv, "allow-scripts"sv, "allow-top-navigation"sv, "allow-top-navigation-by-user-activation"sv, "allow-top-navigation-to-custom-protocols"sv } },
     };
 
     // 1. If the associated attribute’s local name does not define supported tokens, throw a TypeError.

Tests/LibWeb/Text/expected/wpt-import/html/semantics/embedded-content/the-iframe-element/sandbox-ascii-case-insensitive.txt

@@ -2,6 +2,7 @@ Harness status: OK
 
 Found 2 tests
 
-2 Fail
+1 Pass
-Fail	iframe 'sandbox' ASCII case insensitive, allow-same-orİgin
+1 Fail
+Pass	iframe 'sandbox' ASCII case insensitive, allow-same-orİgin
 Fail	iframe 'sandbox' ASCII case insensitive, allow-ſcripts