In order to make sure powerful features are exposed only to secure contexts, we should run global-interface-listing tests on both secure and insecure contexts.
Currently, global-interface-listing tests...
- for window, dedicated worker, and shared worker run on file://.
- for service workers and worklets run on http://localhost/.
file:// and http://localhost are considered secure contexts, so these tests don't help prevent powerful features from being exposed to insecure contexts.
Some features have their own tests to check API surface on insecure contexts (e.g., http/tests/worklet/import-on-insecure-context.html), but this doesn't help to improve test coverage.
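The check the report asks for, as an added example that is not Chromium's global-interface-listing code: the same listing is compared against a per-context expectation, so a secure-context-only interface that appears where `isSecureContext` is false is reported as leaked. The interface names, the expectation lists and the mock globals are constructed for illustration.

```javascript
// Added example; not taken from the Chromium test suite.

// Collect interface-like globals: own properties with a capitalized name
// whose value is a constructor (a function with a prototype object).
function listGlobalInterfaces(globalObj) {
  return Object.getOwnPropertyNames(globalObj)
    .filter((name) => /^[A-Z]/.test(name))
    .filter((name) => {
      const value = globalObj[name];
      return typeof value === 'function' && typeof value.prototype === 'object';
    })
    .sort();
}

// Compare the listing with what this kind of context is expected to expose.
// baseline:   interfaces expected in every context.
// secureOnly: interfaces expected only when isSecureContext is true.
function checkExposure(globalObj, baseline, secureOnly) {
  const actual = new Set(listGlobalInterfaces(globalObj));
  const expected = new Set(
    globalObj.isSecureContext ? [...baseline, ...secureOnly] : baseline
  );
  return {
    leaked: [...actual].filter((n) => !expected.has(n)).sort(),
    missing: [...expected].filter((n) => !actual.has(n)).sort(),
  };
}

// Constructed sample data (hypothetical interface names).
class OrdinaryInterface {}
class PowerfulFeature {}
const BASELINE = ['OrdinaryInterface'];
const SECURE_ONLY = ['PowerfulFeature'];

// Mock globals standing in for a secure context (e.g. file:// or
// http://localhost/), a correct insecure context, and a regressed one.
const secureGlobal = { isSecureContext: true, OrdinaryInterface, PowerfulFeature };
const insecureOk = { isSecureContext: false, OrdinaryInterface };
const insecureLeaky = { isSecureContext: false, OrdinaryInterface, PowerfulFeature };

for (const [label, g] of Object.entries({ secureGlobal, insecureOk, insecureLeaky })) {
  console.log(label, JSON.stringify(checkExposure(g, BASELINE, SECURE_ONLY)));
}
```

Running only the `secureGlobal` case, as the current file:// and http://localhost/ runs effectively do, passes even when the `insecureLeaky` regression exists.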
Comment 1 by cha...@chromium.org, Jan 16 (6 days ago)
Status: Assigned (was: Untriaged)