#138 makes it so that while storage-access permissions are exposed to sites, we don't expose the "denied" state to prevent abuse as described in #60. There might be developer utility in exposing it, but we would have to mitigate the risk by matching the delay patterns being specified in #120.