Enable `allow.cross-origin-isolated` for iframes

[rajsite]

Web applications relying on SharedArrayBuffers or high resolution timers have been possible for top-level sites since the introduction and adoption of COOP / COEP across browsers since late 2021. From my understanding it is not sufficient for resources in iframes and the parent contexts to all be served with COOP / COEP headers but the iframe must also be configured with allow="cross-origin-isolated".

There is a separate interop for the full Permissions Policy implementation. This proposal is narrowly for enabling allow.cross-origin-isolated on iframes which has limited cross-browser support based on MDN browser compatibility tables for iframe.allow.

This interop is submitted under the (possibly incorrect) assumption this feature could be implemented independently of the full Permissions Policy feature similar to other existing iframe allow configurations. Relevant wpt.fyi results.