filedescriptor/untrusted-types

Use console's debug() to log navigation sinks


Currently, Trusted Types only covers `location = 'javascript:' + user_input` but not `location = user_input` and other similar things that trigger navigation. I believe they are common sinks so we don't want to miss them.

It is not possible to hook into the assignment call either. `location.__defineSetter__()` doesn't work because most properties are read-only. However, it is possible to use the `debug()` function from DevTools' console (`monitor()` doesn't work, sadly).

I will see if introducing this change would break anything.
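As an added example (not code from the untrusted-types project), a helper that checks that the navigation sinks named above cannot be replaced with a custom setter, and then looks up the native functions behind them so they can be handed to DevTools' `debug()`. It assumes Chrome exposes `window.location`, `location.href`, `location.assign` and `location.replace` as non-configurable (unforgeable) properties, and ships a constructed stand-in window so it also runs outside a browser.

```javascript
// Added example, not from the untrusted-types project. Assumption: in Chrome
// `location`, `location.href`, `assign` and `replace` are non-configurable,
// so they cannot be overridden but their native functions can be looked up.

// Returns true only if `obj[prop]` can be replaced with a custom setter.
function canOverrideSetter(obj, prop) {
  try {
    Object.defineProperty(obj, prop, { set() {}, configurable: true });
    return true;
  } catch (e) {
    if (e instanceof TypeError) return false; // non-configurable: cannot hook
    throw e;
  }
}

// Collects [label, nativeFunction] pairs for each reachable navigation sink.
function navigationSinks(win) {
  const sinks = [];
  const winDesc = Object.getOwnPropertyDescriptor(win, 'location');
  if (winDesc && typeof winDesc.set === 'function') {
    sinks.push(['window.location =', winDesc.set]);
  }
  const loc = win.location;
  const hrefDesc = Object.getOwnPropertyDescriptor(loc, 'href');
  if (hrefDesc && typeof hrefDesc.set === 'function') {
    sinks.push(['location.href =', hrefDesc.set]);
  }
  for (const m of ['assign', 'replace']) {
    if (typeof loc[m] === 'function') sinks.push([`location.${m}()`, loc[m]]);
  }
  return sinks;
}

// In the DevTools console, break on every sink with:
//   navigationSinks(window).forEach(([label, fn]) => { console.log('hooking', label); debug(fn); });

// Constructed stand-in mimicking the browser's unforgeable properties so the
// helpers can be exercised outside a browser (hypothetical, for this example).
function fakeWindow() {
  const loc = {};
  Object.defineProperty(loc, 'href', { get() { return 'about:blank'; }, set(v) {}, configurable: false });
  Object.defineProperty(loc, 'assign', { value: function assign(u) {}, writable: false, configurable: false });
  Object.defineProperty(loc, 'replace', { value: function replace(u) {}, writable: false, configurable: false });
  const win = {};
  Object.defineProperty(win, 'location', { get() { return loc; }, set(v) {}, configurable: false });
  return win;
}
```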