Add test case for Cross-Origin-Opener-Policy header

Add a test case for pages served with the `Cross-Origin-Opener-Policy:
same-origin` header, which currently breaks the client's login popup.

This reproduces the issue from https://github.com/hypothesis/product-backlog/issues/1333.

dev-server/documents/html/coop-test.mustache

+<!-- Header: Cross-Origin-Opener-Policy: same-origin -->
+<html>
+  <head>
+    <title>Cross-Origin-Opener-Policy test document</title>
+    <style>
+      body {
+        font-family: sans-serif;
+        font-size: 1rem;
+        line-height: 1.5rem;
+      }
+      main {
+        max-width: 600px;
+        margin-top: 1rem;
+      }
+    </style>
+  </head>
+  <body>
+    <main>
+      <h1>Cross-Origin-Opener-Policy test</h1>
+      <p>
+        This page tests the client on a document which is served with a
+        <a
+          href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Opener-Policy"
+          ><code>Cross-Origin-Opener-Policy: same-origin</code></a
+        >
+        header. This header prevents popup windows from accessing their opener
+        using
+        <a href="https://developer.mozilla.org/en-US/docs/Web/API/Window/opener"
+          ><code>window.opener</code></a
+        >, which affects the client's login popup.
+      </p>
+      {{{ hypothesisScript }}}
+    </main>
+  </body>
+</html>

dev-server/templates/index.mustache

@@ -29,6 +29,7 @@
     <ul>
       <li><a href="/document/z-index">Content with high <code>z-index</code> style</a></li>
       <li><a href="/document/shadow-dom">Content in shadow DOM</a></li>
+      <li><a href="/document/coop-test"><code>Cross-Origin-Opener-Policy</code> test</a></li>
       <li><a href="/document/host-in-shadow-root">Hypothesis loaded into frame in shadow root</a></li>
       <li><a href="/document/parent-frame">Annotation-enabled iframe</a></li>
       <li><a href="/document/sidebar-external-container">Sidebar in external container</a></li>