[Payments] Enforce canMakePayment() quota in incognito mode.

Before this patch, calling canMakePayment() on desktop and iOS multiple
times with different payment method names and data in incognito mode
would always return "true" to preserve user privacy. However, this
change in behavior can be used by the website to detect incognito mode,
which conflicts with the goals of incognito mode.

This patch changes the canMakePayment() implementation to always check
the query quota first. If the query quota has been exceeded, the
canMakePayment() promise is rejected with NotAllowedError in both normal
and incognito browsing modes.

After this patch, calling canMakePayment() multiple times with different
payment methods and data in incognito mode would return NotAllowedError
after the first call. This is identical to the behavior in normal
browsing mode. A website can no longer use canMakePayment() to detect
incognito mode.

Bug: 766973
Change-Id: Ic9bc03769e7846fc639f2a6250091aa511311c39
Reviewed-on: https://chromium-review.googlesource.com/693220
Commit-Queue: Rouslan Solomakhin <rouslan@chromium.org>
Reviewed-by: anthonyvd <anthonyvd@chromium.org>
Reviewed-by: Moe Ahmadi <mahmadi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#506130}
4 files changed