Carry the expected asset hash through redirected network fetches so a hashed manifest entry cannot cache bytes from a different redirect target.

PR Checklist

Please check if your PR fulfills the following requirements:

• The commit message follows our guidelines: https://github.com/angular/angular/blob/main/contributing-docs/commit-message-guidelines.md
• Tests for the changes have been added (for bug fixes / features)
• Docs have been added / updated (for bug fixes / features)

PR Type

What kind of change does this PR introduce?

• Bugfix
• Feature
• Code style update (formatting, local variables)
• Refactoring (no functional changes, no api changes)
• Build related changes
• CI related changes
• Documentation content changes
• angular.dev application / infrastructure changes
• Other... Please describe:

What is the current behavior?

When a hashed service-worker asset request is fulfilled through a redirect, the final redirected response can be returned to the caching path without validating the final response body against the original manifest hash.

Issue Number: N/A

What is the new behavior?

The expected manifest hash is carried through redirected network fetches. If the final successful redirected response body does not match the original hash, Angular raises a service-worker critical error instead of returning the mismatched response for caching.

Does this PR introduce a breaking change?

• Yes
• No

Other information

Tested with:

• bazelisk test //packages/service-worker/worker/test:test --test_output=errors --cache_test_results=no
• git diff --check main..HEAD
• pnpm ng-dev commit-message validate-range main HEAD
• pnpm ng-dev format changed --check main
• pnpm tslint
• pnpm ts-circular-deps:check