Allow for the query algorithm to return prompt or denied when document is not allowed to use

[aselya]

Updated language to allow the query algorithm to return prompt ordenied helps protect the user from exposing their available features and helps prevent retaliation against the user from developers.

closes #388

The following tasks have been completed:

• Modified Web platform tests (link)

Implementation commitment:

• WebKit (link to issue)
• Blink (link to issue)
• Gecko (link to issue)

---

Preview | Diff

[miketaylr]

There is some prior art at https://privacycg.github.io/storage-access/#permissions-integration and https://privacycg.github.io/requestStorageAccessFor/#permissions-integration

Conceptually, WDYT @marcoscaceres, should we pull this into permissions, or just add a note saying powerful features can do this in their own permission query algorithms?

[johannhof]

@aselya can you elaborate a bit more on why you think exposing Permissions Policy state (which is "allowed to use") would lead to retaliation against the user?

I could see an argument for why this technically exposes cross-origin information, but that seems by design, the same way that, say, the sandbox argument is observable by a cross-origin iframe. Also, that doesn't seem like something that should be implementation-defined. :)