I think there's an argument that whatever a web page might do, core browser-level controls that users rely on shouldn't be easily usurped by web pages, without giving a user some way to control whether they're happy about it doing so.
What I'd like to see is a way to specify keys that the website can't override, and how right-click usurp should be handled. The UI and code can be made extremely simple by focusing on the basic aim: "ringfencing" key user controls over the browser, as seen by the individual user.
- Keyboard shortcut protection: Because the aim is to protect key controls, if the user wants keys such as ctrl-tab or ctrl-T reserved for browser functions, we can assume at the start that it's probably all-or-nothing, so we don't have to worry about "per website". (Or at least that's an enhancement for someone so inclined). We just need to provide a means to enter a string/list of non-usurpable keys.
- Right click protection: Add a simple 3 state option: right click controlled by browser (no override), controlled by website (can override) or always includes browser items (can add new options, can't remove browser-set options).
The latter would be a really nice default, meaning that web pages like google maps can add new options for "directions to/from here", but can't remove existing ones. Even an unhelpful website probably will be manageable, if it can't remove any user-set right click options.