[SEO Audits] Avoids plugins

[rviscomi]

Audit group: Content best practices
Description: Avoids plugins
Failure description: Does not avoid plugins ({plugins...})
Help text: Some types of media or content are not playable on mobile devices, such as license-constrained media or experiences that require Flash or other players that are not broadly supported on mobile devices. Unplayable content, when featured on a page of any website can be very frustrating for users.

Success condition: No plugin in the blocklist below is detected on the page.

Blocklist:

• Flash
• Silverlight
• Java

Notes:

• See previous Lighthouse issue and PR
• Use debugString to elaborate on which plugins were detected, also possibly the source code that included them.
• Exact detection methods for each plugin still TBD

[kdzwinel]

My findings so far:

1. Previous PR was focusing on security. Team's goal there was to make sure that the audited page blocks plugins using CSP + sandbox combo. Our angle is different since we don't want (in this audit at least) to mention CSP or sandbox attribute. We just want to discourage plugin use.

2. Flash is very often embedded using swfobject library. This library does feature detection and only creates <object> when flash plugin is detected. Assuming that silverlight and java might be doing similar feature detection (haven't checked yet), it means that plugins will be only detectable by lighthouse on environments that have them installed.
   More on swfobject here: http://blog.deconcept.com/swfobject/ .

3. <object> might be used for other things than plugins, e.g embedding SVG. So just checking for <object> will not be enough. We should probably check mime-type, or at least the extension of the embedded file.