Require permissions for time zone and other time-related metadata

[Zamiell]

Currently, there is a popular npm library that displays a protest message if it detects that it is being executed in a time zone that overlaps with Russia. This has caused many downstream projects to move away from said library. (As it turns out, many non-Russian humans happen to live in Russian-overlapping-time zones.)

One high-level observation that we can make about this story is that it would be nice to live in a world where our npm dependencies can't hot-patch in features that spy on our geographic location. (In the exact same way that our npm dependencies should not be able to hot-patch in features that arbitrarily use the file-system or arbitrarily access the network.)

My first thought upon hearing this story was: "If we lived in a world where everyone was using Deno instead of Node/npm, then this would be a non-issue, due to the awesome permissions model."

And my second thought upon hearing the story was to actually look into the specifics. It turns out that by default, Deno allows retrieval of the time zone without any specifically required permissions, which left me surprised and disappointed.

Has this topic been previously discussed? I searched through the GitHub issues, but I didn't find anything relevant.

I think that everyone can probably agree that "time zone" should be squarely placed in a separate category than "personally identifiable information". Yet, with the previous story in mind, it still seems desirable for Deno to be able to protect the former.