[css-nav-1] Keeping related feature policies consistent accross the web platform.

[frivoal]

This issue is a reminder to keep an eye on w3c/webappsec-permissions-policy#273, when a decision is reached there to (probably) synchronize https://drafts.csswg.org/css-nav-1/#policy-feature with it.

That issue in the web-app-sec WG is dealing with a different facet of the same problem, so we should try and keep things consistent.

[jihyerish]

focus-without-user-activation is a new feature policy that can be used to block programmatic focus changes. This feature affects element/window.focus() and 'autofocus'.

In spatial navigation, we have window.navigate() which can programmatically move the focus.
Also, navbeforefocus and navnotarget are related to programmatic focus changes.
So, I think those also need to be disabled by focus-without-user-activation.

Furthermore, preventing keydown event when it occurs one of arrow keys are pressed can also cause focus trapping.
We also need to consider this case.

Test page: https://wicg.github.io/spatial-navigation/tests/internal/hostile_iframe_test.html