New issue by selfisekai on void-packages repository

https://github.com/void-linux/void-packages/issues/29273

Description:
<!-- Don't request update of package. We have a script for that. https://alpha.de.repo.voidlinux.org/void-updates/void-updates.txt . However, a quality pull request may help. -->
### System

* xuname: `Void 5.10.19_1 x86_64 AuthenticAMD uptodate rrmFF`
  *output of ``xuname`` (part of xtools)*
* package: `chromium-88.0.4324.182_1` 
  *affected package(s) including the version*: ``xbps-query -p pkgver <pkgname>``

### Expected behavior
A package downloaded from outside of the nonfree repository should not contain/download non-free components

### Actual behavior
Chromium downloads the Widevine component and uses it, which is not really transparent to the user.
![image](https://user-images.githubusercontent.com/11798442/110215944-a903b800-7eac-11eb-82b4-90ead6423f65.png)
![image](https://user-images.githubusercontent.com/11798442/110216334-dd787380-7eae-11eb-8fba-9830627671f2.png)

### Steps to reproduce the behavior
- `xbps-install chromium`
- `chromium`
- open `chrome://components` and force an update of Widevide CDM, or just wait until it gets triggered itself
- try playing a Widevine-protected video, like here: https://bitmovin.com/demos/drm