specify the prohibits mixed security contexts algorithm for multiple presentation URLs

[schien]

In step 3 of the "Starting a presentation" algorithm, it only defined the behavior if one presentation URL is assigned. Below are the two possible solutions:

1. If the result of the algorithm is "Prohibits Mixed Security Contexts" and any of the presentationUrls is an a priori unauthenticated URL, then return a Promise rejected with a SecurityError and abort these steps
2. If the result of the algorithm is "Prohibits Mixed Security Contexts" and all of the presentationUrls are a priori unauthenticated URL, then return a Promise rejected with a SecurityError and abort these steps. Otherwise exclude those URLs that are a priori unauthenticated URL from presentationUrls and continue the algorithm.

[schien]

BTW, we need to sync the description of mixed security context check in section 6.4.3 "Getting the presentation displays availability information" as well.

[markafoltz]

Thanks for pointing this out @schien.

I think it might be unexpected behavior if some URLs were allowed to continue in the algorithm and others are not; the order matters. I'm going to prepare a PR to implement your suggestion 1 and address your second comment as well.