Added allowvr attribute to iframes

Given that the API is capable of taking over the screen on mobile, similar to
fullscreen, it's prudent to ensure that iframes aren't given access to the
feature unless explicitly granted permission by the embedding page.



patch from issue 2331223002 at patchset 1 (
15 files changed