Downgrade the global attribute contracts for "cite" and "poster".

These attributes can't run javascript: URLs in mordern browsers.

In Chrome,
- setting the `cite` attribute to a `javascript:` URL doesn't attempt URL parsing.
- setting the `poster` attribute to a `javascript:` URL on a video element results in `net::ERR_UNKNOWN_URL_SCHEME`. This is the same behavior as setting a `src` to `javascript:` on an `img` element.

PiperOrigin-RevId: 716636018

Author: Closure Team

src/com/google/javascript/jscomp/ConformanceRules.java

@@ -2384,8 +2384,6 @@ public static final class SecuritySensitiveAttributes {
             "action",
             "formaction",
             "sandbox",
-            "cite",
-            "poster",
             "icon",
             "codebase",
             "data");