I trust Apple more for this decision, not less. PWAs used WebKit to allow untrusted code (any website in this case) to safely execute on the phone. In the EU now, you can modify or replace that layer of trust (browser engine) and restricting camera access and local storage seems reasonable; these limitations are expected for websites.
I expect 3rd-party engines in the EU may choose to allow this, for example by launching in Chromium in full screen w/ additional permissions, but I'm glad this attack surface is reduced at least for right now.