Find a way to make top-level storage access work

[johannhof]

As @bvandersloot-mozilla rightfully pointed out in today's Privacy CG call, concepts like rSAFor and the Storage Access Headers wouldn't be compatible with this proposal's idea of scoping access using the identity-credentials-get policy.

I suspect the only way we can make this work would be if the RP sets a header-based permissions policy and thus opts all resources of the IdP into receiving storage access. Based on my understanding this mostly works because the only feedback about top-level Fetch use cases for Storage Access Headers comes from developers that control both the RP and IdP in some way.