MV3 has done away with host permissions in the manifest definition of permissions/optional permissions and moved them to "host_permission" (
https://developer.chrome.com/docs/extensions/mv3/intro/mv3-migration/#host-permissions).
This is well and good but if I want to have a security model with the least permissive options and explicitly ask/prompt the user for permissions to run on a set of hosts (for example the 'tabs` permission), and I don't know what those hosts are in advance, I have to add broad host permissions (i.e. 'https://*/*') to the "host_permissions" of the manifest.
Even if I then move the permissions to optional that I need for those hosts once the user grants them (scripting, tabs), I'm concerned that since I still ask for broad host permissions that will flag the extension for a longer review process and it won't be obvious to the review team what my intent for permissions is.
Can somebody confirm from the chrome team that using broad hosts permissions (vs having them in "optional_permissions" like in MV2) won't flag my extension for longer review times, as there is no way to explicitly state/show that the broad host permissions are only needed for the OPTIONAL API permissions??