Added sanitizer step for api helper

[spylogsster]

Resolves brave/brave-browser#21831

Added JsonSanitizer to ApiRequestHelper to validate server responses. It sanitizes and normalizes JSON by parsing it in a safe environment and re-serializing it. Parsing the sanitized JSON should result in a value identical to parsing the original JSON.
For those cases where we expect data that cannot be correctly processed by the JsonSanitizer and base/json parser, a preprocessing callback for the response text was added to convert the necessary values into strings by using safe parsers.
Example can be seen in this test.

Mandatory updates in unittests:

• data_decoder::test::InProcessDataDecoder in_process_data_decoder_; is required to be created for tests that use JsonSanitizer
• JsonSerializer removes spaces, some testing payloads have been fixed due to the requirement.
• For desktops added a flag to allow trailing commas in json, but it doesn't work in Android. Android implementation will treat it as invalid json.

Submitter Checklist:

• I confirm that no security/privacy review is needed, or that I have requested one
• There is a ticket for my issue
• Used Github auto-closing keywords in the PR description above
• Wrote a good PR/commit description
• Squashed any review feedback or "fixup" commits before merge, so that history is a record of what happened in the repo, not your PR
• Added appropriate labels (QA/Yes or QA/No; release-notes/include or release-notes/exclude; OS/...) to the associated issue
• Checked the PR locally: npm run test -- brave_browser_tests, npm run test -- brave_unit_tests, npm run lint, npm run gn_check, npm run tslint
• Ran git rebase master (if needed)

Reviewer Checklist:

• A security review is not needed, or a link to one is included in the PR description
• New files have MPL-2.0 license header
• Adequate test coverage exists to prevent regressions
• Major classes, functions and non-trivial code blocks are well-commented
• Changes in component dependencies are properly reflected in gn
• Code follows the style guide
• Test plan is specified in PR before merging

After-merge Checklist:

• The associated issue milestone is set to the smallest version that the
  changes has landed on
• All relevant documentation has been updated, for instance:
  • https://github.com/brave/brave-browser/wiki/Deviations-from-Chromium-(features-we-disable-or-remove)
  • https://github.com/brave/brave-browser/wiki/Proxy-redirected-URLs
  • https://github.com/brave/brave-browser/wiki/Fingerprinting-Protections
  • https://github.com/brave/brave-browser/wiki/Brave%E2%80%99s-Use-of-Referral-Codes
  • https://github.com/brave/brave-browser/wiki/Custom-Headers
  • https://github.com/brave/brave-browser/wiki/Web-Compatibility-Exceptions-in-Brave
  • https://github.com/brave/brave-browser/wiki/QA-Guide
  • https://github.com/brave/brave-browser/wiki/P3A

Test Plan:

• APIRequestHelper is used in BraveWallet, BraveAdaptiveCaptcha, BraveToday, need to check that these components work as expected

[gpestana]

Deferring my review to @emerick as he led all the client-side implementation of adaptive captcha.

[emerick]

LGTM re: adaptive captcha

[gpestana]

LGTM (cc @emerick)

[petemill]

Just noting this broke Brave News which uses this helper to download the image from the brave news private cdn. We'll fix that by stopping it use api request helper for that request.

[bbondy]

maybe sanitize by response content-type?