CSSImageValue ratio and no-cors fetches

[annevk]

We currently don't expose the ratio of no-cors cross-origin images. If this would that would be a new cross-origin leak. You need to ensure this is guarded appropriately.

(It's not entirely clear to me how this setup works at the moment since the loading pipeline doesn't seem to be defined.)

[tabatkins]

In the interest of giving myself time to get all this right, I've severely trimmed down the API for this level (#716), and this issue is now moot. I'll move it to level 2.