fix(webchannel): Send 'can_link_account' during signin_unblock

[LZoog]

Because:

• Users can keep 'canceling' the login when they see the merge warning until they get rate limited, and then they can bypass the merge warning by going through signin_unblock

This commit:

• Sends the 'can_link_account' command on this screen after unblock

fixes FXA-13009

--

See this doc - signin_unblock wasn't listed on places to add this check for the MVP, an oversight.

Since we need the uid, we have to wait until the user is at least partially authenticated with password before we can send this web channel message up. However, for signin_unblock, we don't get back the user's uid after password entry, we must wait until they are verified. So now, users in this flow will see the merge warning after the successful unblock, but they'll be redirected to email-first once they hit "cancel".

I will file an issue for this: one thing that would make this flow much better because users would get "blocked" much earlier in the flow, would be the non-MVP cases shown in that doc - e.g., user has an entry in local storage and therefore as soon as we know the email they're trying to sign in with and it matches what's in local storage, use the UID there to send can_link_account. However, there is an edge case where if a user deleted their account on another device and recreated it, we'd be sending the wrong UID up. This is probably OK, but I think that should be a separate task.
edit: here's that ticket

[vpomerleau]

Code looks good and works as expected when testing locally in nightly.

• Merge warning is shown on signin_unblock when the final password attempt was correct (though throttled) + authorization code is correct;
• merge warning not shown on signin_unblock when the final password attempt before blocking was incorrect - the merge warning is instead shown on the signin page after successfully unblocking and re-entering the correct password.