BREAKING(unstable): Use hosts for net allowlists (#8845)

Allowlist checking already uses hosts but for some reason 
requests, revokes and the runtime permissions API use URLs.

- BREAKING(lib.deno.unstable.d.ts): Change 
NetPermissionDescriptor::url to NetPermissionDescriptor::host

- fix(runtime/permissions): Don't add whole URLs to the 
allowlist on request

- fix(runtime/permissions): Harden strength semantics:
({ name: "net", host: "127.0.0.1" } is stronger than 
{ name: "net", host: "127.0.0.1:8000" }) for blocklisting

- refactor(runtime/permissions): Use tuples for hosts, make 
the host optional in Permissions::{query_net, request_net, revoke_net}()

cli/tests/error_015_dynamic_import_permissions.out

@@ -1 +1 @@
-error: Uncaught (in promise) TypeError: network access to "http://localhost:4545/cli/tests/subdir/mod4.js", run again with the --allow-net flag
+error: Uncaught (in promise) TypeError: network access to "localhost:4545", run again with the --allow-net flag

cli/tests/error_worker_permissions_remote.ts.out

@@ -1,3 +1,3 @@
 [WILDCARD]
-error: Uncaught (in worker "") network access to "http://localhost:4545/cli/tests/subdir/worker_types.ts", run again with the --allow-net flag
+error: Uncaught (in worker "") network access to "localhost:4545", run again with the --allow-net flag
 [WILDCARD]

cli/tests/unit/permissions_test.ts

@@ -13,9 +13,9 @@ unitTest(async function permissionInvalidName(): Promise<void> {
   }, Error);
 });
 
-unitTest(async function permissionNetInvalidUrl(): Promise<void> {
+unitTest(async function permissionNetInvalidHost(): Promise<void> {
   await assertThrowsAsync(async () => {
-    await Deno.permissions.query({ name: "net", url: ":" });
+    await Deno.permissions.query({ name: "net", host: ":" });
   }, URIError);
 });