Add security group to a few features (web-platform-dx#2061)

features/iframe-credentialless.yml

@@ -1,6 +1,7 @@
 name: Credentialless iframes
 description: The `credentialless` attribute for the `<iframe>` HTML element loads third-party content in an ephemeral context and does not send any credentials such as cookies. When using cross-origin isolation, this allows you to embed content that does not send `Cross-Origin-Embedder-Policy` headers.
 spec: https://wicg.github.io/anonymous-iframe/
+group: security
 compat_features:
   - api.HTMLIFrameElement.credentialless
   - api.Window.credentialless

features/permissions.yml

@@ -2,3 +2,4 @@ name: Permissions
 description: The `navigator.permissions` API checks whether a permission, such as access to geolocation data, has been granted.
 spec: https://w3c.github.io/permissions/
 caniuse: permissions-api
+group: security

features/trusted-types.yml

@@ -2,5 +2,6 @@ name: Trusted types
 description: Trusted types allow you to lock down insecure parts of the DOM API and prevent client-side cross-site scripting (XSS) attacks.
 spec: https://w3c.github.io/trusted-types/dist/spec/
 caniuse: trusted-types
+group: security
 status:
   compute_from: api.trustedTypes

features/user-activation.yml

@@ -1,3 +1,4 @@
 name: User activation
 description: The `navigator.userActivation` API reveals whether the user has interacted with the page through an "activation" gesture such as a click, tap, or key press. User activation gated APIs (such as the fullscreen API) fail without user interaction, and this API allows you to predict such a failure.
 spec: https://html.spec.whatwg.org/multipage/interaction.html#the-useractivation-interface
+group: security

features/web-cryptography.yml

@@ -4,6 +4,7 @@ spec:
   - https://w3c.github.io/webcrypto/
   - https://wicg.github.io/webcrypto-secure-curves/
 caniuse: cryptography
+group: security
 status:
   compute_from: api.Crypto
 compat_features: