This proposal reconciles the FedCM and Storage Access APIs by making a prior FedCM grant a valid reason to automatically approve a storage access request.
License: Creative Commons Attribution 4.0 International
As @bvandersloot-mozilla rightfully pointed out in today's Privacy CG call, concepts like rSAFor and the Storage Access Headers wouldn't be compatible with this proposal's idea of scoping access using the identity-credentials-get policy.
I suspect the only way we can make this work would be if the RP sets a header-based permissions policy and thus opts all resources of the IdP into receiving storage access. Based on my understanding, this mostly works because the only feedback about top-level Fetch use cases for Storage Access Headers comes from developers that control both the RP and IdP in some way.