amphtml
✨ Allow custom iframe sandbox attributes in amp-consent
In #38183 @alanorozco and I discussed options how to allow amp-consent's consent-ui iframe to trigger navigation events in the top window. This pull request allows specifying additional sandbox attributes similar to how users can specify them for amp-iframe (see amp-iframe v0.1 and amp-iframe v1.0).
Context: it is possible to load the consent ui in `amp-consent` from an external URL. The URL provided via `promptUISrc` is loaded inside an iFrame. The code inside that iFrame can communicate with the parent page via `postMessage` calls to e.g. signal ready or fullscreen events. The iFrame is instantiated with limited sandbox attributes (`allow-scripts`, `allow-popups` and optionally `allow-same-origin`). Since neither `allow-top-navigation` nor `allow-top-navigation-by-user-activation` are added, the iFrame is not allowed to trigger a navigation event in the top frame. There are cases though where triggering a navigation event from within that iFrame is useful (see #38183 for details).
This PR allows specifying additional sandbox attributes so users have full control over the auto-generated iframe element.
See #38249 for an alternative implementation.
@erwinmombay can you please add someone else as a reviewer instead?
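The sandbox composition described in the pull request text, as an added example that is not code from this pull request or from the AMP code base: it merges the default tokens named above with publisher-supplied extras, rejects anything that is not a sandbox token from the HTML standard, and flags the unconditional top-navigation grant. The names `buildSandbox`, `DEFAULT_TOKENS`, `KNOWN_TOKENS` and the `sameOrigin` option are hypothetical, and the input strings are constructed.

```javascript
// Added example: hypothetical helper, not amp-consent's implementation.
// Defaults the PR description lists for the consent-ui iframe;
// allow-same-origin is optional there, so the caller opts in.
const DEFAULT_TOKENS = ['allow-scripts', 'allow-popups'];

// Sandbox tokens defined by the HTML standard.
const KNOWN_TOKENS = new Set([
  'allow-downloads', 'allow-forms', 'allow-modals',
  'allow-orientation-lock', 'allow-pointer-lock', 'allow-popups',
  'allow-popups-to-escape-sandbox', 'allow-presentation',
  'allow-same-origin', 'allow-scripts', 'allow-top-navigation',
  'allow-top-navigation-by-user-activation',
  'allow-top-navigation-to-custom-protocols',
]);

// Returns the final attribute value plus what was dropped or is risky,
// so a validator or reviewer can see the effective grant.
function buildSandbox(extra = '', {sameOrigin = false} = {}) {
  const tokens = new Set(DEFAULT_TOKENS);
  if (sameOrigin) tokens.add('allow-same-origin');

  const rejected = [];
  for (const raw of extra.split(/\s+/).filter(Boolean)) {
    const token = raw.toLowerCase(); // sandbox tokens are case-insensitive
    if (KNOWN_TOKENS.has(token)) tokens.add(token);
    else rejected.push(raw);
  }

  const warnings = [];
  if (tokens.has('allow-top-navigation')) {
    warnings.push('allow-top-navigation lets the frame navigate the top ' +
      'window without a user gesture; prefer ' +
      'allow-top-navigation-by-user-activation');
  }
  return {sandbox: [...tokens].join(' '), rejected, warnings};
}

// Constructed input: one valid extra token and one typo.
console.log(buildSandbox('allow-top-navigation-by-user-activation allow-top-nav'));
```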