SEP: Sandbox capabilities

[idosal]

Currently, the SEP sets the minimum required permissions for the app runtime (allow-scripts allow-same-origin). However, it doesn't address -

1. Additional capabilities like camera and microphone (@yannj-fr and others)
2. Hardening like base-uri (which can affect capabilities like translations between web apps and raw HTML) or nested iframes (which might also require ui: csp: frameDomains).

These can fundamentally alter the content the server chooses to advertise or return.

We need to define the negotiation for these capabilities.