Serve sandbox document with secure context headers

[chrispahm]

Is your feature request related to a problem? Please describe.
I'd like to use WebR (the statistical language R compiled to WASM, https://github.com/georgestagg/webR) in an Observable notebook. The JS landscape is still lacking a solid statistical framework (see following discussion → https://talk.observablehq.com/t/observable-for-research-advanced-statistics/4538/1), and this could enable more researchers and data scientists to work with Observable notebooks.
However, WebR makes use of SharedArrayBuffers, and therefore requires to be run in a secure context.

Describe the solution you'd like
If possible, the sandbox document would be served including the following headers:

Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Embedder-Policy: require-corp

Describe alternatives you've considered
Unfortunately, there seems to be no other way to get WebR to work (see following issue in the WebR repo r-wasm/webr#75).

Additional context
Notebook (Ambassador account): https://observablehq.com/d/147d41043e6a52f2
Slack Discussion (Ambassador channel): https://observable-community.slack.com/archives/C048DNSCNDP/p1674638959702439

[chrispahm]

closed in favor of #557

[neocarto]

Any news on this subject?