In chromium this is implemented in VerifyUsages:
https://source.chromium.org/chromium/chromium/src/+/main:components/webcrypto/jwk.cc;l=144

Something similar should be done for all the places we import JWK keys.

Then we should still strip use and key_ops before importing keys on the web, unless we decide to properly implement capabilities, see #53