
The "The Attack: How it works" section explains how it works. It's not an API.

I am a little surprised something like CORS doesn't apply to it, though.



So these extensions allow LinkedIn to do this, though: it's literally them saying "yes, this site can ping this resource" (called "web_accessible_resources").

This is fair from LinkedIn IMO, as I've seen loads of different extensions actually scraping the LinkedIn session tokens or content on LinkedIn.


It's not the extension developer who should decide this, but the browser user.


On what would the browser user base their decision?

If an extension injects an icon into the DOM of the page, then the resulting `img` tag needs to put something in its `src`.

The extension author may choose to use the `data:` scheme, but that's a development-time decision.
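The `web_accessible_resources` manifest key discussed above is what decides which origins may fetch an extension's files. As an added example (not code from this thread or from any extension mentioned in it), here is a small lint an extension developer can run over a manifest to flag resources that every website may probe, with a constructed weak MV3 manifest beside a narrowed one. It assumes Chrome's documented MV2 and MV3 manifest shapes; `use_dynamic_url` is Chrome's MV3 option to serve a resource under a per-session ID rather than the static extension ID.

```javascript
// Added example: lint an extension manifest for web_accessible_resources
// that any website can fetch (and therefore use to detect the extension).
// Assumes Chrome's MV2 (flat list) and MV3 (list of {resources, matches}) shapes.

// Match patterns that cover every origin; treated as "exposed to all sites".
const ALL_ORIGIN_PATTERNS = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

// Returns [{ resources, reason }] for each entry reachable from arbitrary
// web pages; an empty list means nothing is broadly exposed.
function findBroadlyExposedResources(manifest) {
  const findings = [];
  const war = manifest.web_accessible_resources;
  if (!Array.isArray(war)) return findings;

  if (manifest.manifest_version === 2) {
    // MV2 has no per-origin scoping: every listed resource is world-readable.
    findings.push({ resources: [...war], reason: "MV2 exposes every listed resource to all origins" });
    return findings;
  }

  // MV3: each entry scopes its resources with `matches` (and/or extension_ids).
  for (const entry of war) {
    const broad = (entry.matches || []).filter((p) => ALL_ORIGIN_PATTERNS.has(p));
    if (broad.length > 0 && !entry.use_dynamic_url) {
      findings.push({
        resources: [...(entry.resources || [])],
        reason: `matches ${broad.join(", ")} without use_dynamic_url`,
      });
    }
  }
  return findings;
}

// Constructed sample manifests (not from any real extension).
const weakManifest = {
  manifest_version: 3,
  web_accessible_resources: [{ resources: ["icons/button.png"], matches: ["<all_urls>"] }],
};

const hardenedManifest = {
  manifest_version: 3,
  web_accessible_resources: [
    // Only the site the extension actually injects its icon into may load it.
    { resources: ["icons/button.png"], matches: ["https://mail.example.test/*"] },
  ],
};
```

Note that a site listed in `matches` can still check for the resource; narrowing it only keeps unrelated sites from doing so.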



