Duplicate trusted-type policy should invalidate the existing policy too

Currently, when a trusted-type policy already exists, it won't allow creating another one*
However, this allows an attacker to front-run policy creation, and is therefore not secure.

Instead, when trying to create a duplicate policy, it should also set the existing one to disabled (= instead of calling its methods' just treat it like its' methods always return null?)

