Add Permissions Policy integration with "allowed to use" check

Resolves issue #37 by adding proper Permissions Policy integration
to the Local Network Access check algorithm.

Changes:
- Replace TODO with normative algorithm steps for permission
  checking in the Local Network Access check algorithm
- Add "allowed to use" check to verify the "local-network-access"
  policy-controlled feature is allowed before checking permission state
- Add anchor definition for HTML spec's "associated Document" term

This ensures that documents must be allowed to use the feature by
Permissions Policy before local network access requests can proceed,
addressing the concern raised in issue #37 about requiring explicit
Permissions Policy delegation.

Author: MayyaSunil

index.bs

@@ -36,6 +36,9 @@ url: https://websockets.spec.whatwg.org/#concept-websocket-connection-obtain; ty
 spec: WEBSOCKET; urlPrefix: https://websockets.spec.whatwg.org/
   type: abstract-op;
     text: WebSocket opening handshake; url: #websocket-opening-handshake
+spec: HTML; urlPrefix: https://html.spec.whatwg.org/multipage/webappapis.html
+  type: dfn; for: global object
+    text: associated Document; url: #concept-document-window
 </pre>
 
 <pre class="biblio">
@@ -650,14 +653,37 @@ What follows is a sketch of a potential solution:
               3.  Set |error|'s [=response/IP address space=] property to
                   |connection|'s [=connection/IP address space=].
 
-              4.  TODO: Permission check is sketched out below, wording is still vague
-                  1. If the initiating origin has been granted the local
-                     network access permission, return null.
-                  2. If the initiating origin has been denied the local network
-                     access permission, return |error|.
-                  3. Otherwise, prompt the user:
-                     1. If the user grants permission, return null.
-                     2. If the user denies the permission, return |error|.
+              4.  If |request|'s [=request/client=] is null, then return
+                  |error|.
+
+              5.  Let |settingsObject| be |request|'s [=request/client=].
+
+              6.  Let |global| be |settingsObject|'s [=environment settings
+                  object/global object=].
+
+              7.  Let |document| be |global|'s [=global object/associated
+                  Document=].
+
+              8.  If |document| is null, then return |error|.
+
+              9.  If |document| is not [=allowed to use=]
+                  "local-network-access", then return |error|.
+
+              10. Let |permissionState| be the result of [=getting the current
+                  permission state=] given "local-network-access" and |global|.
+
+              11. If |permissionState| is [=permission/denied=], then return
+                  |error|.
+
+              12. If |permissionState| is [=permission/granted=], then return
+                  null.
+
+              13. [=Prompt the user to choose=] whether to grant
+                  "local-network-access" for |global|:
+
+                  1.  If the user grants permission, then return null.
+
+                  2.  If the user denies permission, then return |error|.
       1.  Return null.
 
   1.  The [$fetch$] algorithm is amended to add 2 new steps right after request’s