Add a nonce (ephemeral token) to the Storage Key

[kyraseevers]

What is the issue with the Storage Standard?

There is a PR in progress to update the Storage Key to reflect the changes made during client-side storage partitioning: #182. That PR updates the key to consist of <origin, top-level site, and cross-site ancestry>. Chrome's implementation of the Storage Key also includes a nonce (of type UnguessableToken) for storage in ephemeral contexts like credentialless iframes. I believe that Firefox and Safari do not implement the nonce, so I am choosing instead to file an issue for future reference.

[annevk]

While I could see a use for this, the way credentialless iframes have been deployed has me rather concerned: WebKit/standards-positions#45 (comment).