I maintain the library xterm.js which uses canvas. I keep getting reports like https://github.com/microsoft/vscode/issues/129948 of people using the Brave browser and seeing truncated character glyphs. This is because you block access to actual font metrics or something but our use case is perfectly valid.
I haven’t used Brave but do you show a permissions notification when accessing canvas APIs like this? And if not, why not? You seem to be putting a burden on library authors with this feature.