Media: Remove `IMG` from crossorigin attribute injection.

Under `Document-Isolation-Policy: isolate-and-credentialless`, the browser's credentialless mode already handles cross-origin image loading without requiring CORS headers. Explicitly adding `crossorigin="anonymous"` to `<img>` elements overrides this behavior and forces a CORS preflight request, breaking images from servers that don't include `Access-Control-Allow-Origin` in their response headers.

This also removes the related `imagesrcset` handling from `LINK` elements, which had the same issue for `<link>` preload tags for images.

See related Gutenberg issue: https://github.com/WordPress/gutenberg/issues/76476.

Follow-up to [61844], [61846].

Props adamsilverstein, swissspidy.
Fixes #64886.


git-svn-id: https://develop.svn.wordpress.org/trunk@62048 602fd350-edb4-49c9-b593-d223f7449a82