Add a test case for pages served with the `Cross-Origin-Opener-Policy:
same-origin` header, which currently breaks the client's login popup.

This reproduces the issue from https://github.com/hypothesis/product-backlog/issues/1333.