Requests don't always have a Window

[jyasskin]

https://wicg.github.io/trust-token-api/#set-private-token-properties-for-request-from-private-token uses "request’s window’s associated Document", but at this point in the calling algorithms, the window could also be "client" or "no-window", instead of a Window object. I think the right fix is to replace the use of https://w3c.github.io/webappsec-permissions-policy/#is-feature-enabled (which takes a Document) with https://w3c.github.io/webappsec-permissions-policy/#should-request-be-allowed-to-use-feature (which takes a request and returns false for non-Windows).