Depending on how the extension developer feels future development may pan out, requesting access to all websites is the only reasonable way to do it.
With how the update system works[1], when requesting new permissions the extension is disabled until manually reenabled. If there's even a slight possibility you may want to request access to additional sites in the future, you basically have to request "all websites" to prevent this from happening.
Since Chrome 16 there have been optional permissions around (so you only request permissions when they're needed, preventing the extension from auto-disabling), although that introduces additional overhead beyond simply requesting everything in the manifest file.
The extension update system should probably work more along the lines of that in Android - it auto-updates if the new version needs no additional permissions, but requires user input when new permissions are required. The current[1] state of auto-disable-on-update isn't ideal from either a developer or user position.
[1] as of about a year ago when I last tested this
You are right that adding new permissions will disable the extension until it is re-enabled. But android has a very similar behavior.
Still, I feel that using optional permissions and pointing out to the user why they would want enable the new permissions is the best option. Yes, it's more work for the developer.
With how the update system works[1], when requesting new permissions the extension is disabled until manually reenabled. If there's even a slight possibility you may want to request access to additional sites in the future, you basically have to request "all websites" to prevent this from happening.
Since Chrome 16 there have been optional permissions around (so you only request permissions when they're needed, preventing the extension from auto-disabling), although that introduces additional overhead beyond simply requesting everything in the manifest file.
The extension update system should probably work more along the lines of that in Android - it auto-updates if the new version needs no additional permissions, but requires user input when new permissions are required. The current[1] state of auto-disable-on-update isn't ideal from either a developer or user position.
[1] as of about a year ago when I last tested this