Disable CNAME uncloaking when DoH is enabled with an HTTPS proxy #11164

Merged (2 commits) on Nov 22, 2021

antonok-edm
Collaborator

Resolves brave/brave-browser#15038

Submitter Checklist:

  • I confirm that no security/privacy review is needed, or that I have requested one
  • There is a ticket for my issue
  • Used GitHub auto-closing keywords in the PR description above
  • Wrote a good PR/commit description
  • Added appropriate labels (QA/Yes or QA/No; release-notes/include or release-notes/exclude; OS/...) to the associated issue
  • Checked the PR locally: npm run test -- brave_browser_tests, npm run test -- brave_unit_tests, npm run lint, npm run gn_check, npm run tslint
  • Ran git rebase master (if needed)

Reviewer Checklist:

  • A security review is not needed, or a link to one is included in the PR description
  • New files have MPL-2.0 license header
  • Adequate test coverage exists to prevent regressions
  • Major classes, functions and non-trivial code blocks are well-commented
  • Changes in component dependencies are properly reflected in gn
  • Code follows the style guide
  • Test plan is specified in PR before merging

After-merge Checklist:

Test Plan:

  1. Find an HTTPS proxy with a location distinct from your own internet provider. Some free public ones are available at https://geonode.com/free-proxy-list, but be warned - they are slow and unreliable!
  2. Enable this as a "system proxy". On Linux, you can do this by exporting the https_proxy environment variable before starting the browser, e.g. export https_proxy=https://127.0.0.1:8080 (replace the IP and port as necessary). On Windows and macOS, visit brave://settings, search for proxy, and select Open your computer's proxy settings, then configure it there.
  3. Once the proxy is configured (it might require a browser restart on macOS/Windows - I'm not sure), visit https://dnsleaktest.com. If the proxy is configured correctly, the page should show the proxy's public IP address rather than your own.
  4. Run the Standard test to completion. In my experience, this takes a very long time to complete using free public proxies, sometimes failing and requiring multiple refreshes. The test should complete with at least 1 Servers found.
  5. Once the test is completed, you should see the list of servers appear. Verify that they are all in the proxy's region, rather than near your physical location.

@diracdeltas
Member

this approach sgtm but i wonder if the ProxySettingsAllowUncloaking checks can be refactored into a general-purpose method, like ShouldAllowResolveDNS, which must be called before Brave issues a DNS request that isn't usually issued - for instance in #8068. cc @spylogsster

@iefremov
Contributor

it looks good, can we add a test?

@antonok-edm
Collaborator Author

@iefremov we weren't able to add proxy setting tests when I investigated last time, but I added StubResolverConfigReader to our unit tests.

@antonok-edm antonok-edm force-pushed the cname-uncloaking-https-proxy-doh branch from 748d1b5 to 8929599 Compare November 19, 2021 22:03
@antonok-edm antonok-edm merged commit c19dba7 into master Nov 22, 2021
@antonok-edm antonok-edm deleted the cname-uncloaking-https-proxy-doh branch November 22, 2021 16:05
@antonok-edm antonok-edm added this to the 1.34.x - Nightly milestone Nov 22, 2021

Successfully merging this pull request may close these issues.

[Security] DNS Leak appears with HTTP Proxy