Exclusions: exclude keys based on the top frame's URL, not subframe URLs

[philc]

The exclusion keys in Vimium apply on a per-frame basis. So, if you're visiting a site example.com, and it has an iframe showing content from sub.example.com, your exclusion keys won't work if the iframe has the focus. This is very surprising, and I think hard for people to debug and grok. It appears that Vimium's exclusion keys are simply not working. It's also hard to workaround -- how does one know what the domain of the iframe is, so that they can set exclusion rules for that domain? You have to open the browser's developer tools and poke around.

I'm not sure where this per-frame exclusion behavior originally came from, and whether there was a specific reason for it. It was discussed early on in #1453.

This PR changes it so that the exclusion rules and passkeys from the top frame's URL are applied to all subframes on that page. I think this is a better UX.

This fixes #3254, #3960, #4375, and possibly other open issues.

[gdh1995]

In a cross-domain iframe, this PR may cause

Uncaught DOMException: Failed to read a named property 'toString' from 'Location': Blocked a frame with origin "https://*****" from accessing a cross-origin frame.

[philc]

Great catch @gdh1995. I've changed this to use the tab's URL, rather than having the content script itself pull the top frame's URL. This now works on cross origin iframes in my tests.