Allow some fenced frames to inherit permissions

[blu25]

See the "Permissions Changes" section of this document for details.

Fenced frames with unpartitioned data access need to be able to allow certain permissions policy-backed features (mainly Shared Storage) in order to function properly. This PR accomplishes that by allowing these fenced frames to inherit permissions policies the way that iframes do, but only allows a select list of permissions policies to be enabled. More specifically, this PR:

• Introduces the concept of a "fixed permissions policy" and "flexible permissions policy" in a FencedFrameConfig.
• Removes Derive a permissions policy directly from a fenced frame config instance in favor of a new Create a permissions policy for a fenced navigable algorithm, which handles both "fixed" and "flexible" permissions policies being created in a fenced frame.
• Renames the fenced parameter used when checking if navigation to a fenced frame should be blocked by permissions policy to matches all. This is done to avoid confusion with the Create a permissions policy for a fenced navigable algorithm and to make it clear that the boolean specifically affects whether a permission will be inherited in the ultimately created permissions policy if the allowlist matches itself or just matches the wildcard *.

---

Preview | Diff

[domfarolino]

I took another look at this after finding it my inbox. Feel free to resolve conflicts and formally re-request my review (so it appears in my dashboard) and I'll take another look at this PR.