Calendar Setup and Permission Restructuring #48

Open
wants to merge 1 commit into
base: master

jonathansampson
Collaborator

This PR addresses a few issues. Primarily it introduces a new permission model which makes all permissions optional by default. This requires the user to explicitly opt-in to the Brave Talk for Calendars functionality on their preferred calendar(s). Secondly, to give the user the ability to identify which calendar(s) they use, this PR also introduces a new Calendar-Selection page.

The Calendar-Selection page is currently a work in progress. Here it is shown with Proton and Skiff enabled, but Google disabled:

image

Currently a single content script file is produced for all calendars, and injected into each calendar host when granted permission. The next step will be to generate a distinct content script for each host, and inject only the host-specific script when granted permission.

  • Generate host-specific content scripts
  • Finish styling of Calendar Selection page
  • Author new tests to cover changes to extension behavior

jonathansampson added the enhancement and in-process labels Aug 28, 2023
jonathansampson self-assigned this Aug 28, 2023

async function toggleHostPerms( event ) {
const button = event.target.closest("button");
const origin = button.dataset.origin.replace("*", "");
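
Review bot: `event.target.closest("button")` on the second line returns null when the event target has no button ancestor, and `button.dataset.origin` is undefined when the element has no `data-origin` attribute, so the `.replace` call on the third line can throw; add an early return for both cases. On that same line, `replace("*", "")` with a string argument removes only the first `*`, so consider checking the value against a fixed list of supported origins instead of rewriting it.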


reported by reviewdog 🐶
[sveltegrep] button.dataset.origin.replace method will only replace the first occurrence when used with a string argument ("*"). If this method is used for escaping of dangerous data then there is a possibility for a bypass. Try to use sanitization library instead or use a Regex with a global flag.

Source: https://semgrep.dev/r/javascript.lang.security.audit.incomplete-sanitization.incomplete-sanitization


Cc @thypon @bcaller
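
The first-occurrence behaviour described in the finding above, next to a global-flag regex and an exact-match allowlist check, as an added example that is not code from this PR. The patterns, the allowlist and the helper names are constructed for illustration, and it is an assumption that `data-origin` holds a match pattern that may contain more than one `*`.

```javascript
// Constructed sample allowlist; not values taken from the extension.
const ALLOWED_PATTERNS = new Set([
  "https://calendar.example.com/*",
  "https://*.calendar.example.org/*",
]);

// Behaviour flagged by the finding: a string search argument
// removes only the first "*" it encounters.
function stripFirstWildcard(pattern) {
  return pattern.replace("*", "");
}

// A regex with the global flag removes every "*".
function stripAllWildcards(pattern) {
  return pattern.replace(/\*/g, "");
}

// Hypothetical helper: instead of rewriting an attribute value,
// accept it only when it is an exact member of a fixed allowlist.
function resolveRequestedPattern(raw, allowed = ALLOWED_PATTERNS) {
  if (typeof raw !== "string" || !allowed.has(raw)) {
    return null;
  }
  return raw;
}

// Summarise what each approach yields for one input.
function compare(pattern) {
  const first = stripFirstWildcard(pattern);
  return {
    first,
    all: stripAllWildcards(pattern),
    wildcardLeftBehind: first.includes("*"),
    allowlisted: resolveRequestedPattern(pattern) !== null,
  };
}

// Constructed inputs: one wildcard, two wildcards, and a value
// that is not on the allowlist at all.
for (const sample of [
  "https://calendar.example.com/*",
  "https://*.calendar.example.org/*",
  "https://*.other.example.net/*",
]) {
  console.log(sample, compare(sample));
}
```
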

@socket-security

New dependencies detected. Learn more about Socket for GitHub ↗︎

| Packages | Version | New capabilities | Transitives | Size | Publisher |
| --- | --- | --- | --- | --- | --- |
| @tsconfig/svelte | 5.0.0 | None | +0 | 3.35 kB | typescript-deploys |
| svelte-preprocess | 5.0.4 | eval, filesystem | +23 | 6.61 MB | dummdidumm |
| svelte2tsx | 0.6.20 | None | +17 | 6.14 MB | svelte-language-tools-deploy |
| svelte-loader | 3.1.9 | environment | +18 | 5.75 MB | dummdidumm |
| svelte | 4.2.0 | None | +12 | 5.47 MB | svelte-admin |
