[Feature request] - Extra check for new PRs in the CI/CD pipeline to auto add firebaseapp.com to web.app and web.app to firebase.com entries

[dubstard]

[Feature request]
tl;dr
Each website in web.app exists on at least two locations
*.firebase.com
*.web.app
could also be on a third party domain (outside of scope)

If possible - add an extra check for new PRs in the CI/CD pipeline to auto add *.firebaseapp.com to entries which are *.web.app.
And vice versa - auto add *.web.app to *.firebase.com entries. Not a blanket ban, just the subdomains.
We can not afford the luxury of blanket blocking web app or firebase, as it would cause a ton of FP flak.

---

Real world examples

For instance now we have
portal-chain.web.app = exists in https://raw.githubusercontent.com/MetaMask/eth-phishing-detect/main/src/config.json and thus is blocked (expected)
However the same page is always accessible on an alternate place via same subdomain + firebaseapp.com

Resulting in the same scam not being blocked on it's alternate placeholder:
⛔portal-chain.web.app = blocked
❌portal-chain.firebaseapp.com = Not blocked

This opens a window of opportunity to scammers for scams which were already identified. Unless both entries are blocked, one does not produce a warning,

So lets say contributor adds randomscam.web.app to the blocked array
then CI CD checks ok, do we have the same but on firebase blocked?
Upon blocking randomscam.web.app = auto block randomscam.firebaseapp.com

Or reverse - contributor adds randomscam.firebaseapp.com to the blocked array
then CI CD checks ok, do we have the same firebase entry, but on web.app blocked?
Upon blocking randomscam.firebaseapp.com = auto block randomscam.web.app

This would automatically reduce the attack vector footprint of web.app and .firebase.app shenanigan entries, without the burden of manually adding both each time.

cc @409H @samczsun as discussed