Add strict Permissions-Policy header

[lukaw3d]

Currently we have Permissions-Policy: usb=* deployed (equal to nothing).

[github-actions]

🦙 MegaLinter status: ⚠️ WARNING

Descriptor	Linter	Files	Fixed	Errors	Elapsed time
✅ EDITORCONFIG	editorconfig-checker	11		0	0.06s
✅ JAVASCRIPT	eslint	6	0	0	6.01s
⚠️ MARKDOWN	markdownlint	2	0	1	0.91s
✅ MARKDOWN	markdown-table-formatter	2	0	0	0.45s
✅ REPOSITORY	checkov	yes		no	46.84s
✅ REPOSITORY	git_diff	yes		no	0.01s
✅ REPOSITORY	grype	yes		no	16.42s
✅ REPOSITORY	trivy-sbom	yes		no	4.25s
✅ REPOSITORY	trufflehog	yes		no	91.24s
✅ TSX	eslint	1	0	0	6.1s
✅ TYPESCRIPT	eslint	2	0	0	6.5s

See detailed report in MegaLinter reports
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

MegaLinter is graciously provided by

[lukaw3d]

This is annoying for maintenance: Sardine is a dependency of Transak. We won't know when Transak changes their dependencies, or if Sardine started requiring geolocation.

Should we loosen accelerometer,ambient-light-sensor,camera,encrypted-media,geolocation,gyroscope,magnetometer,microphone,publickey-credentials-get,web-share to =*?

[lukaw3d]

Although Transak docs say to put allow="camera;microphone;fullscreen;payment" on iframe, so it's already further restricted 🤷

[lubej]

I would say loosen, to avoid maintenance problems.

[codecov]

Codecov Report

Merging #1583 (ae63a9f) into master (8d13573) will increase coverage by 0.08%.
The diff coverage is n/a.

❗ Current head ae63a9f differs from pull request most recent head 84b30f3. Consider uploading reports for the commit 84b30f3 to get more accurate results

@@            Coverage Diff             @@
##           master    #1583      +/-   ##
==========================================
+ Coverage   83.01%   83.10%   +0.08%     
==========================================
  Files         157      155       -2     
  Lines        4069     4054      -15     
  Branches      729      728       -1     
==========================================
- Hits         3378     3369       -9     
+ Misses        691      685       -6     

Flag	Coverage Δ
cypress	51.12% <ø> (-0.06%)	⬇️
jest	78.25% <ø> (+0.14%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files Changed	Coverage Δ
src/app/pages/FiatOnramp/index.tsx	0.00% <ø> (ø)

... and 6 files with indirect coverage changes

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Pages

Latest commit:	84b30f3
Status:	✅  Deploy successful!
Preview URL:	https://04fe4770.oasis-wallet.pages.dev
Branch Preview URL:	https://lw-strict-permissions-policy.oasis-wallet.pages.dev

View logs