[Backport] CVE-2023-4365: Inappropriate implementation in Fullscreen.

Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/4508964:
Use top-level widget for fullscreen notification

On Windows, a topmost child window will be placed behind other topmost
windows when its parent gains focus. This is undesired for the
fullscreen notification, a security-related window, which was being
occluded by the PiP window under certain circumstances.

Fix this by showing fullscreen notification in a top-level widget.

Bug: 1431043, 1459121
Change-Id: I7c2823ccd0485acd65da39ed066675bd06486795
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4508964
Reviewed-by: Peter Kasting <[email protected]>
Commit-Queue: Keren Zhu <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1163941}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/499077
Reviewed-by: Allan Sandfeld Jensen <[email protected]>

chromium/components/fullscreen_control/subtle_notification_view.cc

@@ -225,10 +225,16 @@ views::Widget* SubtleNotificationView::CreatePopupWidget(
   // Initialize the popup.
   views::Widget* popup = new views::Widget;
   views::Widget::InitParams params(views::Widget::InitParams::TYPE_POPUP);
+#if !BUILDFLAG(IS_WIN)
+  // On Windows, this widget isn't parented on purpose to avoid it being
+  // obscured by other topmost widgets. See crbug.com/1431043.
+  // TODO(crbug.com/1459121): Aura should respect the fine-grained levels of
+  // topmost windows defined in ZOrderLevel.
+  params.parent = parent_view;
+#endif
   params.opacity = views::Widget::InitParams::WindowOpacity::kTranslucent;
   params.ownership = views::Widget::InitParams::WIDGET_OWNS_NATIVE_WIDGET;
   params.z_order = ui::ZOrderLevel::kSecuritySurface;
-  params.parent = parent_view;
   params.accept_events = false;
   popup->Init(std::move(params));
   popup->SetContentsView(std::move(view));