Specify behavior when cross-site cookie access is allowed for embeds by browser configuration

[krgovind]

We should specify the behavior when requestStorageAccessFor is invoked on an origin that already has cookie access due to user configuration (e.g. third-party cookies are generally allowed, or allowed for that particular site):

• Does the user gesture requirement still apply?
• Can other implementation-defined steps be bypassed if the origin already has access?

This is particular relevant with Chrome's proposed user choice approach, where some browser instances may continue to allow third-party cookies. Ideally, the API should immediately resolve to "granted"; but we may need to discuss considerations that I'm not taking into account.