add Note to isUVPAA() wrt rejecting if not 'allowed to use'

index.bs

@@ -1792,6 +1792,8 @@ This method has no arguments and returns a Boolean value.
     };
 </xmp>
 
+Note: Invoking this method from a [=browsing context=] where the [=Web Authentication API=] is "disabled" according to the [=allowed to use=] algorithm&mdash;i.e., by a [=feature policy=]&mdash;will result in the promise being rejected with a [=DOMException=] whose name is "{{NotAllowedError}}".
+
 </div>
 
 ## Authenticator Responses (interface <dfn interface>AuthenticatorResponse</dfn>) ## {#iface-authenticatorresponse}