fido: don't instantiate CrOS platform authenticator in Incognito

CL:2559262 changed GetAvailableTransports() to unconditionally include
FidoTransportProtocol::kInternal in its result, which causes a platform
authenticator discovery to be instantiated. Prior to that CL no
discovery would be instantiated if IsUVPAA() returned false.

This causes a platform authenticator to be instantiated mistakenly when
the system/u2fd IsUVPAA() call is true, but Chrome's IsUVPAA() is false
due to being in an Off-The-Record context.

To work around this, explicitly check for OTR in
GetAvailableTransports(). This is temporary, until the CrOS platform
authenticator is enabled in Incognito (crbug.com/1157651).

Bug: 1157967
Change-Id: I94113ed7e05948d8bd0c207ec5063b676bdebb73
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2587572Reviewed-by: Nina Satragno <nsatragno@chromium.org>
Commit-Queue: Martin Kreichgauer <martinkr@google.com>
Cr-Commit-Position: refs/heads/master@{#836971}

content/browser/webauth/authenticator_common.cc

@@ -561,7 +561,18 @@ base::flat_set<device::FidoTransportProtocol> GetAvailableTransports(
 
   base::flat_set<device::FidoTransportProtocol> transports;
   transports.insert(device::FidoTransportProtocol::kUsbHumanInterfaceDevice);
+
+#if BUILDFLAG(IS_CHROMEOS_ASH)
+  // TODO(crbug.com/1157651): Work around CrOS platform authenticator being
+  // unavailable in Incognito.
+  if (!content::WebContents::FromRenderFrameHost(render_frame_host)
+           ->GetBrowserContext()
+           ->IsOffTheRecord()) {
+    transports.insert(device::FidoTransportProtocol::kInternal);
+  }
+#else
   transports.insert(device::FidoTransportProtocol::kInternal);
+#endif
 
   if (discovery_factory->IsTestOverride()) {
     // The desktop implementation does not support BLE or NFC, but we emulate