Add support for publickey-credentials-create permission policy

index.bs

@@ -1139,6 +1139,16 @@ spec:css-syntax-3;
     1.  Let |sameOriginWithAncestors| be `true` if the [=current settings object=] is [=same-origin
         with its ancestors=], and `false` otherwise.
 
+    1.  If |options|[{{CredentialCreationOptions/publicKey}}] [=map/exists=] and
+        if |settings|' [=relevant global object=]'s [=associated Document=] is **not**
+        [=allowed to use=] the [=publickey-credentials-create-feature|publickey-credentials-create=]
+        [=policy-controlled feature=] return [=a promise rejected with=] a "{{NotAllowedError}}"
+        {{DOMException}}.
+
+        Note: <a const>`password`</a> and <a const>`federated`</a>
+        [=credential type registry/credential types=] are not presently treated as
+        [=policy-controlled features=], although this may change in the future.
+
     1.  Let |interfaces| be the [=set=] of |options|' <a>relevant credential interface objects</a>.
 
     1.  Return [=a promise rejected with=] `NotSupportedError` if any of the following statements