angular / angular.js

AngularJS - HTML enhanced for web apps!

fix($compile): lower the $sce context for `src` on video, audio, source, and track

Previously, video, audio, source, and track sources were $sce.RESOURCE_URL. This is not justified as
no attacks (script execution) are possible through these attributes as far as we can tell. Angular2 also uses the same categorization.

This change is not breaking, and uses of $sce.trustAsResourceUrl before assigning to src or ng-src attributes will just be silently ignored.

This has also been given an LGTM by @mprobst via email.

PR (#15039)
Closes #14019
Martin Staffa committed
485320129dd8a942acfcb1e9388eb09667f383b6
Parent: 13c2522
Committed by GitHub <noreply@github.com> on 8/26/2016, 7:52:11 AM