Viewer must be trusted for ssr templates to be supported

[samouri]

summary
Viewer needs to be trusted for us to allow rendering templates server-side. This means that there are now three requirements to opt-in to ssr templating: doc-level opt-in, has capability, and being a trusted viewer.

testing done

• new unit tests added for isSupported
• verify this doesn't break mail.ru / outlook

Note: I recommend viewing this PR without whitespace.

Fixes b/142607068.

[samouri]

I just found an issue with this I need to resolve before this can go through. I don't think allowConsoleError currently integrates well when the passed function is async (returns a promise).

Edit: this was also discussed here #15609. Solution seems to be to use expectAsyncConsoleError

[samouri]

In this presubmit logs:

[19:24:10] Found forbidden: "isTrustedViewer" in src/ssr-template-helper.js:61:25
[19:24:10] Usage of this API requires dedicated review due to being privacy sensitive. Please file an issue asking for permission to use if you have not yet done so.

Should I still file a separate issue?

[dreamofabear]

Nah, you can add it directly to the source whitelist in presubmit-checks.js.

[samouri]

I was able to pretty easily confirm that this doesn't break gmail by using charles proxy. I'm afraid this isn't as simple for email clients like mail.ru since they don't serve from the amp domain.

[jridgewell]

This has changed from a sync assert (a throw) to a possibly rejected promise. You need to wait on the value.

[samouri]

Yeah, I just spotted this as well. When I wrote this, I didn't know that userAssert throws. Working on it now 👍

[samouri]

meh, my solution stinks. I'll take another look tomorrow to see if I can make it cleaner.

[samouri]

The fix for amp-form is significantly more complex than the rest. I'll split it into its own PR.

[samouri]

Closing this in favor of #25638