"dns-prefetch" and "preconnect" links are not handled by Shields

Description

macOS leaks DNS lookups for requests that should be blocked. This occurs for requests that do not need to be CNAME uncloaked, and even when CNAME uncloaking is disabled. Spun off from https://github.com/brave/brave-browser/issues/15302, as Windows 10 is fine

Steps to Reproduce

1. Spin up Wireshark, with TLS session recording, via https://wiki.wireshark.org/TLS#Using_the_.28Pre.29-Master-Secret
2. Visit https://www.macrumors.com while recording traffic, in a new profile
3. Look through the session’s traffic and make sure none of the following occur:

• any requests to googletagmanager.com
• any DNS requests for googletagmanager.com
• any TLS-preconnect steps to googletagmanager.com

Actual result:

There’s a CNAME lookup for googletagmanager.com

Expected result:

Shouldn’t be any DNS CNAME lookup for googletagmanager.com; Windows is fine 👍

Reproduces how often:

100% on macOS nightly

Brave version (brave://version info)

I haven’t yet tried other channels - it was suggested by @antonok-edm to try Brave <= 1.16 (which doesn’t have CNAME uncloaking).