security: restrict content script matches to specific domain in favicon sample (#1610)

* security: restrict content script matches to specific domain instead of <all_urls>

* docs: update README to reflect domain restriction

Author: RinZ27

functional-samples/sample.favicon-cs/README.md

@@ -1,6 +1,6 @@
 ## Fetching a favicon in a content script
 
-This example fetches the favicon from www.google.com and inserts it at the top left of every page.
+This example fetches the favicon from www.google.com and inserts it at the top left of Google search pages.
 
 Note: This extension does not work on `chrome://extensions`.
 
@@ -9,7 +9,7 @@ See [Fetching favicons](https://developer.chrome.com/docs/extensions/mv3/favicon
 ## Testing the extension
 
 1. Follow the instructions to load an [unpacked extension](https://developer.chrome.com/docs/extensions/mv3/getstarted/development-basics/#load-unpacked).
-2. Navigate to [www.example.com](https://www.example.com/).
+2. Navigate to [www.google.com](https://www.google.com/).
 
 It should look like this:
 

functional-samples/sample.favicon-cs/manifest.json

@@ -1,11 +1,11 @@
 {
   "name": "Favicon API in content scripts",
   "version": "1.1",
-  "description": "Demonstrates fetching the favicon from www.google.com and inserting it at the top left of every page.",
+  "description": "Demonstrates fetching the favicon from www.google.com and inserting it at the top left of the specified pages.",
   "manifest_version": 3,
   "content_scripts": [
     {
-      "matches": ["<all_urls>"],
+      "matches": ["https://www.google.com/*"],
       "js": ["content.js"],
       "css": ["style.css"]
     }
@@ -14,7 +14,7 @@
   "web_accessible_resources": [
     {
       "resources": ["_favicon/*"],
-      "matches": ["<all_urls>"],
+      "matches": ["https://www.google.com/*"],
       "use_dynamic_url": true
     }
   ]