Add permissions-policy check for publicKey credentials

[equalsJeffH]

If the CredentialRequestOptions supplied to the Request a Credential algorithm contains a object named publicKey then check that the responsible document is allowed to use the publickey-credentials-get policy-controlled feature.

This PR supersedes PR #138.

Fixes #136
Improves #135

---

Preview | Diff

[nsatragno]

We should add web OTP

https://wicg.github.io/web-otp/#sctn-permissions-policy

This mechanism is a bit of a pain to extend to other credential types and somewhat defeats the purpose of the credential types registry. Can we add the permission policy names to the registry, and then iterate those?

[equalsJeffH]

Good idea, agreed. Although I suggest we do not attempt to do this in this PR, and we instead:

1. submit an issue about this. ( done: see issue Add "policy controlled feature tokens" column to "Credential Types Registry"  #184 )
2. address issue #184 in a separate PR after both this PR and PR 181 (which creates the "Credential Types" registry) land.

[equalsJeffH]

I am thinking that we ought to land this PR before we land PR #181 so the latter PR can incorporate these changes (by rebasing onto main branch) because the changes in this PR are less invasive than those in PR 181.

[equalsJeffH]

I resolved the conflicts with main branch using the github UI (which did a merge-from-main it seems (sorry Nina if that was the wrong thing to do)).

I think this PR is ready to merge modulo the three outstanding questions (above) I have for @nina @jyasskin:
#182 fix issue #184 in separate PR ?
#182 which error to return is not allowed by policy?
#182 Merge this PR before PR #181 ?

[jyasskin]

Merging into your feature branch won't cause any problems since the repo is configured to only allow squash-merges back to main.

[equalsJeffH]

Thanks @jyasskin for the corrections. I think this PR is now ready to land. Then, we need to complete PR #181, and then address issue #184 (as outlined in this #182 (comment) above).