Clarify DeviceLoginScreenExtensions policy doc

Fix a few minor issues with the description of the
"DeviceLoginScreenExtensions" policy:

* Mention that extensions (not apps) can also be installed via it;
* Update the examples to quote the IDs that can actually be installed
  via this policy;
* Clarify that these apps/extensions cannot be disabled by the user
  (following the change of the ExtensionInstallForcelist policy
  documentation made in http://crrev.com/2852703002);
* Mention that the update URL is optional.

Bug: none
Change-Id: Iad87eb82e705462cafcab76f37d970dd20633ba4
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2044114
Commit-Queue: Maksim Ivanov <emaxx@chromium.org>
Reviewed-by: Alexander Hendrich <hendrich@chromium.org>
Cr-Commit-Position: refs/heads/master@{#740312}

components/policy/resources/policy_templates.json

@@ -13208,24 +13208,22 @@
       'features': {
         'dynamic_refresh': True,
       },
-      'example_value': ['gbchcmhmhahfdphkhkmpfmihenigjmpp;https://clients2.google.com/service/update2/crx'],
+      'example_value': ['khpfeaanjngmcnplbdlpegiifgpfgdco;https://clients2.google.com/service/update2/crx'],
       'id': 336,
-      'caption': '''Configure the list of installed apps on the login screen''',
+      'caption': '''Configure the list of installed apps and extensions on the login screen''',
       'tags': ['full-admin-access'],
       'desc': '''
-      Specifies a list of apps that are installed silently on the login screen,
-      without user interaction, and which cannot be uninstalled.
-      All permissions requested by the apps are granted
-      implicitly, without user interaction, including any additional
-      permissions requested by future versions of the app.
+      Specifies a list of apps and extensions that are installed silently on the login screen, without user interaction, and which cannot be uninstalled or disabled by the user.
 
-      Note that, for security and privacy reasons, extensions are not allowed to be installed using this policy. Moreover, the devices on the Stable channel will only install the apps that belong to the whitelist bundled into <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph>. Any items that don't conform to these conditions will be ignored.
+      Permissions requested by the apps/extensions are granted implicitly, without user interaction, including any additional permissions requested by future versions of the app/extension. <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> restricts the set of permissions that the extensions can request.
 
-      If an app that previously had been force-installed is removed from this list, it is automatically uninstalled by <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph>.
+      Note that, for security and privacy reasons, only apps and extensions that belong to the allow list bundled into <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> can be installed. All other items will be ignored.
 
-      Each list item of the policy is a string that contains an extension ID and an "update" URL separated by a semicolon (<ph name="SEMICOLON">;</ph>). The extension ID is the 32-letter string found e.g. on <ph name="CHROME_EXTENSIONS_LINK">chrome://extensions</ph> when in developer mode. The "update" URL should point to an Update Manifest XML document as described at <ph name="LINK_TO_EXTENSION_DOC1">https://developer.chrome.com/extensions/autoupdate</ph>. Note that the "update" URL set in this policy is only used for the initial installation; subsequent updates of the extension employ the update URL indicated in the extension's manifest.
+      If an app or extension that previously had been force-installed is removed from this list, it is automatically uninstalled by <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph>.
 
-      For example, <ph name="EXTENSION_POLICY_EXAMPLE">gbchcmhmhahfdphkhkmpfmihenigjmpp;https://clients2.google.com/service/update2/crx</ph> installs the <ph name="EXTENSION_POLICY_EXAMPLE_EXTENSION_NAME">Chrome Remote Desktop</ph> app from the standard Chrome Web Store "update" URL. For more information about hosting extensions, see: <ph name="LINK_TO_EXTENSION_DOC2">https://developer.chrome.com/extensions/hosting</ph>.''',
+      Each list item of the policy is a string that contains an extension ID and, optionally, an "update" URL separated by a semicolon (<ph name="SEMICOLON">;</ph>). The extension ID is the 32-letter string found e.g. on <ph name="CHROME_EXTENSIONS_LINK">chrome://extensions</ph> when in developer mode. The "update" URL, if specified, should point to an update manifest XML document as described at <ph name="LINK_TO_EXTENSION_DOC1">https://developer.chrome.com/extensions/autoupdate</ph>. By default, the Chrome Web Store's update URL is used (which currently is "https://clients2.google.com/service/update2/crx"). Note that the "update" URL set in this policy is only used for the initial installation; subsequent updates of the extension employ the update URL indicated in the extension's manifest.
+
+      For example, <ph name="LOGIN_SCREEN_EXTENSION_POLICY_EXAMPLE">khpfeaanjngmcnplbdlpegiifgpfgdco;https://clients2.google.com/service/update2/crx</ph> installs the <ph name="SMART_CARD_CONNECTOR_APP_NAME">Smart Card Connector</ph> app from the standard Chrome Web Store "update" URL. For more information about hosting extensions, see: <ph name="LINK_TO_EXTENSION_DOC2">https://developer.chrome.com/extensions/hosting</ph>.''',
     },
     {
       'name': 'AllowScreenLock',