document.hasStorageAccess() is (currently) not required to reflect actual cookie accessibility #237

@cfredric

The current steps of document.hasStorageAccess() do a few baseline checks (for an inactive document, opaque origins, insecure context), but the meat of the steps is:

  1. Check whether the user agent's settings explicitly allow/disallow cookie access for the given {site, site} pair, without taking the environment's has storage access bool into account. Returns true/false if access was explicitly allowed/disallowed, respectively.
  2. If the environment is same-authority with the top-level browsing context (i.e. if the whole frame hierarchy is same-site), then return true.
  3. Check the storage-access permission status. If the status is "granted", return the environment's has storage access.
  4. Return false.

The big problems with this are:

  • It's possible for document.hasStorageAccess() to return false even if cookies are accessible.
  • It's possible for document.hasStorageAccess() to return true even if cookies are not accessible at all (if the user agent disables cookies, i.e. navigator.cookieEnabled is false).

In other words, the document.hasStorageAccess() steps currently do not guarantee the semantics we agreed on in #171 (comment).

We should refactor the spec steps to really check cookie accessibility, so that document.hasStorageAccess() returns true iff setting an unpartitioned cookie would work in that context (modulo the baseline/security checks above).
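
The mismatch described in the issue above can be reproduced with a small model of the four steps. This is an added example, not spec text or code from the issue author; the `env` field names and the three scenarios are constructed assumptions, and `canSetUnpartitionedCookie` is ground truth supplied by each scenario rather than computed.

```javascript
// Model of the four steps as summarised in the issue (baseline checks omitted).
// All field names on `env` are hypothetical, chosen for this example.
function currentSteps(env) {
  // Step 1: an explicit user-agent setting for the {site, site} pair decides.
  if (env.explicitSetting === "allow") return true;
  if (env.explicitSetting === "deny") return false;
  // Step 2: the whole frame hierarchy is same-site.
  if (env.sameAuthorityWithTop) return true;
  // Step 3: permission is "granted", so return the environment's flag.
  if (env.permissionState === "granted") return env.hasStorageAccessFlag;
  // Step 4.
  return false;
}

// Compare the reported value with the semantics the issue asks for:
// true iff setting an unpartitioned cookie would work in this context.
function classify(env) {
  const reported = currentSteps(env);
  if (reported === env.canSetUnpartitionedCookie) return "consistent";
  return reported ? "true-but-inaccessible" : "false-but-accessible";
}

// Constructed scenarios (assumptions, not taken from the spec or the issue).
const scenarios = {
  // Cookies disabled globally, no per-site setting, same-site hierarchy.
  cookiesDisabledSameSite: {
    explicitSetting: null, sameAuthorityWithTop: true,
    permissionState: "prompt", hasStorageAccessFlag: false,
    canSetUnpartitionedCookie: false,
  },
  // Cross-site frame, nothing blocks cookies, permission never requested.
  unblockedCrossSite: {
    explicitSetting: null, sameAuthorityWithTop: false,
    permissionState: "prompt", hasStorageAccessFlag: false,
    canSetUnpartitionedCookie: true,
  },
  // Cross-site frame with permission granted and the flag set.
  grantedCrossSite: {
    explicitSetting: null, sameAuthorityWithTop: false,
    permissionState: "granted", hasStorageAccessFlag: true,
    canSetUnpartitionedCookie: true,
  },
};

function report() {
  return Object.fromEntries(
    Object.entries(scenarios).map(([name, env]) => [name, classify(env)]));
}
console.log(report());
```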
