Prevent silent access flag proposed changes

[npm1]

The spec currently sets the flag when preventSilentAccess() is called on the origin that invoked the method.

We want to take advantage of this in FedCM, but to do so we have a proposed change: make the flag per domain, instead of per origin. This is because that is how usually logins work. In fact, it appears Chrome implementation of the existing usage is already per-domain...

Another issue: currently the prevent silent access flag only works for credentials from Collect, not for credentials from Discover. This is an issue because FedCM does all of its work in Discover. We therefore need to reimplement the logic for mediation inside our Discover method, but there is a step that would technically be incorrect: "If options’ mediation is "silent", resolve p with null, and skip the remaining steps." For FedCM, this should not happen.

[npm1]

Never mind, I missed the requires user mediation. Does this mean that if an iframe invokes the API and the top-level calls preventSilentAccess() then the iframe can still invoke the API later without issue? That seems like an issue.

[npm1]

Repurposing this issue to propose some modification to preventSilentAccess. cc @yi-gu