clipboard-apis
Restrict Clipboard API to top-level origin
The Async Clipboard API doesn't already restrict API use to top-level origins, but other potentially dangerous APIs like screen share do. Using a feature policy to restrict usage to top-level origins should help avoid potential permission/data leakages across origins.
Could we please add a Feature Policy to require the Clipboard API to only be accessible to top-level frames, at least unless the owning origin explicitly allows subframes to access this? (An extension from this could be only allowing the top-level origin to access this API, and not allowing sub-frames to access this at all). This change can likely use very similar text as in the screen share spec.
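
As an added illustration (not part of the original issue or of any spec text), the JavaScript below models how a policy-controlled feature with a default allowlist of `'self'` would resolve for nested frames. The feature names `clipboard-read` and `clipboard-write`, the origins, and the simplified handling of `'src'` are assumptions made for the example.

```javascript
// Simplified model of a policy-controlled feature whose default allowlist is 'self'.
// Feature names and origins are constructed for illustration.

// Parse an iframe allow attribute such as "clipboard-read; clipboard-write *"
// into { feature: [allowlist entries] }. A feature with no entries means 'src'.
function parseAllow(attr) {
  const policy = {};
  for (const part of (attr || "").split(";")) {
    const [feature, ...list] = part.trim().split(/\s+/).filter(Boolean);
    if (feature) policy[feature] = list.length ? list : ["'src'"];
  }
  return policy;
}

// frame: { origin, allow, parent }, where parent is null for the top-level document.
function isFeatureEnabled(feature, frame) {
  if (frame.parent === null) return true; // top-level document
  // A subframe can never hold a feature its embedder does not hold.
  if (!isFeatureEnabled(feature, frame.parent)) return false;
  const allowlist = parseAllow(frame.allow)[feature];
  if (allowlist) {
    // Explicit delegation by the embedding document.
    return allowlist.some((entry) =>
      entry === "*" ||
      entry === "'src'" || // simplification: treated as the frame's current origin
      (entry === "'self'" && frame.origin === frame.parent.origin) ||
      entry === frame.origin);
  }
  // No delegation: the default allowlist 'self' covers same-origin subframes only.
  return frame.origin === frame.parent.origin;
}

// Constructed frame tree.
const page = { origin: "https://app.example", allow: null, parent: null };
const sameOrigin = { origin: "https://app.example", allow: null, parent: page };
const adFrame = { origin: "https://ads.example", allow: null, parent: page };
const editor = { origin: "https://editor.example",
                 allow: "clipboard-read; clipboard-write", parent: page };
const blocked = { origin: "https://editor.example",
                  allow: "clipboard-read 'none'", parent: page };
// Nested under a frame that was never granted the feature.
const nestedInAd = { origin: "https://app.example",
                     allow: "clipboard-read *", parent: adFrame };

function report(feature) {
  const frames = { page, sameOrigin, adFrame, editor, blocked, nestedInAd };
  return Object.fromEntries(
    Object.entries(frames).map(([name, f]) => [name, isFeatureEnabled(feature, f)]));
}
```

The `nestedInAd` case shows why delegation has to be checked along the whole ancestor chain: an `allow` attribute written by a frame that lacks the feature grants nothing.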