NumeriusNegidius
commented
6 years ago CSO has different functionality than your mentioned add-on: you can right click on link text and search for that (not only selected text). To do so the add-on needs to run a content script and for some reason it requires "access to all websites", even though the add-on only cares about the active tab.
In Firefox 63 (still in beta) there's an addition to the API that will perhaps remedy this. However, I'm working on removing the dependency of Google S2 for favicons (for better privacy). This privacy enhancement will require this permission, so it will probably not be removed.
I'd argue the web extension permissions are a somewhat false security. They are not granular and they follow some Google dev logic that perhaps was applicable when the API was young. You could do quite a lot of harm and farm quite a lot of information with less permissions that CSO requires.
Do what you did before Firefox 57 (before permissions existed): do you research and use your common sense. And please report any and all add-ons that misbehave.
I've noticed, some add-ons could do similar things as yours without access your data for all websites. For example this one (only access for tabs required). But it does essentially the same: grab selected text from the page, paste in URL and open it in a new tab. Works via context menu too. Being a non-professional in such things, though, i don't see technical limitations to put off that permission for context search. Considering example above as a kind of proof-of-concept.
I consider this as a privacy and trust improvement, since even popular, trusting add-ons might turn out as malicious ones in the future.