fix($compile): lower the $sce context for `src` on video, audio, source, track

Previously, video, audio, source, and track sources were $sce.RESOURCE_URL. This is not justified as
no attacks (script execution) are possible through these attributes as far as we can tell.
Angular2 also uses the same categorization.

This change is not breaking, and uses of $sce.trustAsResourceUrl before assigning to src or ng-src
attributes will just be silently ignored.

This has also been given a LGTM by @mprobst via email.

Commit 485320129dd8a942acfcb1e9388eb09667f383b6 on the master branch contains the same changes, but
is missing this commit description.

This commit does not backport the BC introduced in 04cad41d26ebaf44b5ee0c29a152d61f235f3efa.

PR (#15039)
Closes #14019