feat: add additional chromium hardening based on vanadium

config/files/usr/etc/chromium/chromium.conf

@@ -1,3 +1,3 @@
 # system wide chromium flags
 CHROMIUM_FLAGS=""
-CHROMIUM_FLAGS+=" --ozone-platform=wayland --use-gl=angle --use-angle=gl --no-pings --disk-cache-dir=/dev/null --enable-features=VaapiVideoEncoder,VaapiVideoDecodeLinuxGL,SplitCacheByNetworkIsolationKey,SplitCodeCacheByNetworkIsolationKey,SplitHostCacheByNetworkIsolationKey,PrefetchPrivacyChanges,IsolateSandboxedIframes,StrictOriginIsolation,PartitionConnectionsByNetworkIsolationKey,PartitionHttpServerPropertiesByNetworkIsolationKey,PartitionSSLSessionsByNetworkIsolationKey,PartitionNelAndReportingByNetworkIsolationKey,EnableCrossSiteFlagNetworkIsolationKey --disable-features=PrivacySandboxSettings4,InterestFeedV2,NTPPopularSitesBakedInContent,UsePopularSitesSuggestions,MediaDrmPreprovisioning,AutofillServerCommunication"
+CHROMIUM_FLAGS+=" --ozone-platform=wayland --use-gl=angle --use-angle=gl --no-pings --disk-cache-dir=/dev/null --enable-features=VaapiVideoEncoder,VaapiVideoDecodeLinuxGL,SplitCacheByNetworkIsolationKey,SplitCodeCacheByNetworkIsolationKey,SplitHostCacheByNetworkIsolationKey,PrefetchPrivacyChanges,IsolateSandboxedIframes,StrictOriginIsolation,PartitionConnectionsByNetworkIsolationKey,PartitionHttpServerPropertiesByNetworkIsolationKey,PartitionSSLSessionsByNetworkIsolationKey,PartitionNelAndReportingByNetworkIsolationKey,EnableCrossSiteFlagNetworkIsolationKey --disable-features=PrivacySandboxSettings4,InterestFeedV2,NTPPopularSitesBakedInContent,UsePopularSitesSuggestions,MediaDrmPreprovisioning,AutofillServerCommunication,DisableThirdPartyStoragePartitioningDeprecationTrial"

config/files/usr/etc/chromium/vanadium_comparison.readme.md

@@ -121,7 +121,7 @@ A list of [Vanadium patches](https://github.com/GrapheneOS/Vanadium/blob/main/pa
 | [0117-Extend-opening-links-from-external-apps-in-incognito](https://github.com/GrapheneOS/Vanadium/blob/main/patches/0117-Extend-opening-links-from-external-apps-in-incognito.patch) | Extend opening links from external apps in incognito for custom tabs | No, Android only | N/A |
 | [0118-Extend-opening-links-from-external-apps-in-incognito](https://github.com/GrapheneOS/Vanadium/blob/main/patches/0118-Extend-opening-links-from-external-apps-in-incognito.patch) | Extend opening links from external apps incognito for search tabs | No, Android only | N/A |
 | [0119-Extend-opening-links-from-external-apps-in-incognito](https://github.com/GrapheneOS/Vanadium/blob/main/patches/0119-Extend-opening-links-from-external-apps-in-incognito.patch) | Extend opening links from external apps in incognito for share intents | No, Android only | N/A |
-| [0120-temporary-Always-partition-third-party-storage](https://github.com/GrapheneOS/Vanadium/blob/main/patches/0120-temporary-Always-partition-third-party-storage.patch) | Temporary always partition third-party storage | Yes | MISSING |
+| [0120-temporary-Always-partition-third-party-storage](https://github.com/GrapheneOS/Vanadium/blob/main/patches/0120-temporary-Always-partition-third-party-storage.patch) | Temporary always partition third-party storage | Yes | Set [in secureblue chromium.conf](https://github.com/secureblue/secureblue/blob/live/config/files/usr/etc/chromium/chromium.conf) |
 | [0121-Do-not-select-search-query-text-when-opening-web-and](https://github.com/GrapheneOS/Vanadium/blob/main/patches/0121-Do-not-select-search-query-text-when-opening-web-and.patch) | Do not select search query text when opening web and | No, Android only | N/A |
 | [0122-Add-an-easily-extensible-way-to-reference-targets-ea](https://github.com/GrapheneOS/Vanadium/blob/main/patches/0122-Add-an-easily-extensible-way-to-reference-targets-ea.patch) | Add an easily extensible way to reference targets easily in ninja | No, not desired | N/A |
 | [0123-Add-a-new-config-like-apk-target-for-building](https://github.com/GrapheneOS/Vanadium/blob/main/patches/0123-Add-a-new-config-like-apk-target-for-building.patch) | Add a new config-like apk target for building | No, Android only | N/A |