This is what the webext-signed-pages [1] extension does. This only works in a secure manner with Firefox though because Chrome extensions don't have access to the content of the HTTP responses [2].
> If you want your app to be fully end-to-end, you can use the lower level
> unlock mechanisms, which are all end-to-end compliant
So if I want to use the SDK in a "fully" end-to-end secure way, I first need to implement by myself a secure way to transmit the user root secret (the unlock key) between the user's devices, and make sure this key is always accessible so that users don't loose access to their data. This doesn't seem like an easy task...
This is actually one of the described use cases of the new webpackage specification: https://tools.ietf.org/html/draft-yasskin-webpackage-use-cas...
Here is the current draft: https://wicg.github.io/webpackage/draft-yasskin-dispatch-web...