pasting on the web platform is a pain.  by default, JS code cannot access the clipboard (for security reasons) which means hterm is forced to let the keystroke go through to the browser and let the browser do the paste event itself.

the ctrl-v-paste hterm setting is a bool which currently defaults to false.  that means Ctrl+V is captured & sent to the remote side while Shift+Ctrl+V attempts to do the paste which fails: first security blocks our direct access, and then the fallback to let the browser handle the event does nothing because the browser doesn't paste on Shift+Ctrl+V.

it works under the Chrome Secure Shell extension/app because the manifest requests clipboard access in the manifest.json and it's granted all the time.

we should change the ctrl-v-paste setting to be a tristate:
- true: use ctrl-v for pasting
- false: use shift-ctrl-v for pasting
- null/default: autodetect the current environment: if it's a browser extension, default to "false".  if it isn't (i.e. it's the open web), default to "true".

this won't help macOS users as browsers use ⌘+v to paste.  but macOS users prob already have that muscle memory and hterm doesn't catch that keystroke, so it "just works".