[interactive_media_ads] Remove usesCleartextTraffic

[mboetger]

Removes deprecated usesCleartextTraffic and replaces it with a network configuration policy file.

Addresses: #182553

Pre-Review Checklist

• I read the [Contributor Guide] and followed the process outlined there for submitting PRs.
• I read the [Tree Hygiene] page, which explains my responsibilities.
• I read and followed the [relevant style guides] and ran [the auto-formatter].
• I signed the [CLA].
• The title of the PR starts with the name of the package surrounded by square brackets, e.g. [shared_preferences]
• I [linked to at least one issue that this PR fixes] in the description above.
• I updated pubspec.yaml with an appropriate new version according to the [pub versioning philosophy], or I have commented below to indicate which [version change exemption] this PR falls under[^1].
• I updated CHANGELOG.md to add a description of the change, [following repository CHANGELOG style], or I have commented below to indicate which [CHANGELOG exemption] this PR falls under[^1].
• I updated/added any relevant documentation (doc comments with ///).
• I added new tests to check the change I am making, or I have commented below to indicate which [test exemption] this PR falls under[^1].
• All existing and new tests are passing.

[flutter-dashboard]

It looks like this pull request may not have tests. Please make sure to add tests or get an explicit test exemption before merging.

If you are not sure if you need tests, consider this rule of thumb: the purpose of a test is to make sure someone doesn't accidentally revert the fix. Ask yourself, is there anything in your PR that you feel it is important we not accidentally revert back to how it was before your fix?

Reviewers: Read the Tree Hygiene page and make sure this patch meets those guidelines before LGTMing. If you believe this PR qualifies for a test exemption, contact "@test-exemption-reviewer" in the #hackers channel in Discord (don't just cc them here, they won't see it!). The test exemption team is a small volunteer group, so all reviewers should feel empowered to ask for tests, without delegating that responsibility entirely to the test exemption group.

[gemini-code-assist]

Code Review

This pull request correctly migrates the example app's debug configuration from the deprecated usesCleartextTraffic attribute to a more modern networkSecurityConfig file. The changes are implemented correctly for both the native Android layer and the Flutter engine. I have one suggestion to further harden the security of this debug configuration by restricting the scope of cleartext traffic.

[gemini-code-assist]

While this configuration correctly preserves the behavior of the deprecated usesCleartextTraffic="true", it's a security best practice to be as restrictive as possible, even in debug builds. Consider using a <domain-config> to limit cleartext traffic to only the specific domains required for testing. This follows the principle of least privilege and sets a better example for developers using this package.

For example:

<domain-config cleartextTrafficPermitted="true">
    <domain includeSubdomains="true">your-test-domain.com</domain>
    <domain includeSubdomains="true">10.0.2.2</domain> <!-- For Android emulator localhost -->
</domain-config>

If the required domains are not known or are highly variable, the current <base-config> is an acceptable fallback for a debug environment.