BREAKING(unstable): Use hosts for net allowlists (#8845)

Allowlist checking already uses hosts but for some reason 
requests, revokes and the runtime permissions API use URLs.

- BREAKING(lib.deno.unstable.d.ts): Change 
NetPermissionDescriptor::url to NetPermissionDescriptor::host

- fix(runtime/permissions): Don't add whole URLs to the 
allowlist on request

- fix(runtime/permissions): Harden strength semantics:
({ name: "net", host: "127.0.0.1" } is stronger than 
{ name: "net", host: "127.0.0.1:8000" }) for blocklisting

- refactor(runtime/permissions): Use tuples for hosts, make 
the host optional in Permissions::{query_net, request_net, revoke_net}()

cli/dts/lib.deno.unstable.d.ts

@@ -1085,13 +1085,12 @@ declare namespace Deno {
 
   export interface NetPermissionDescriptor {
     name: "net";
-    /** Optional url associated with this descriptor.
+    /** Optional host string of the form `"<hostname>[:<port>]"`. Examples:
      *
-     * If specified: must be a valid url. Expected format: <scheme>://<host_or_ip>[:port][/path]
-     * If the scheme is unknown, callers should specify some scheme, such as x:// na:// unknown://
-     *
-     * See: https://www.iana.org/assignments/uri-schemes/uri-schemes.xhtml */
-    url?: string;
+     *      "github.com"
+     *      "deno.land:8080"
+     */
+    host?: string;
   }
 
   export interface EnvPermissionDescriptor {