Add permissions bundles

[tomayac]

• Add permissions bundles to allow for tiered API access.
• Minor changes (implementor → implementer Ngrams).

[ghost]

All CLA requirements met.

[tomayac]

(I'm just checking back with our open source folks regarding the CLA.)

[tomayac]

CLA signed.

[tomayac]

CC: @aarongustafson & @diekus.

[aarongustafson]

@tomayac I’m intrigued by this concept, but it made me wonder if a permissions bundle could benefit from being an object with some form of label in addition to the array of permissions, rather than just an array of arrays? For example:

"permissions": [
  {
    "label": "Copy/paste",
    "bundle": [
      "clipboard-write",
      "clipboard-read"
    ]
  },
  {
    "label": "Communications",
    "bundle": [
      "camera", 
      "microphone",
      "notifications",
      "push"
    ]
  }
]

Perhaps implementers would disregard the labeling information, but it could also be profoundly helpful for providing basic context around why permissions are being grouped. Counterargument though: it will be abused when someone labels a bundle "Required." :-(

[tomayac]

Maybe UAs could come up with commonly agreed-on enums for valid labels (like "Communications") that would then be presented in localized form (for example, "The app example.com wants to use your camera and microphone, and notify you of incoming calls.") to the user at the UA's discretion?

In contrast, mini apps have the notion of a free-form permission description, which would be more in line with your "label" proposal, but they don't have bundled permissions.