[WebAuthn] Enable cross-origin iframe feature policy by default

The Web Authentication feature policy which allows pages to delegate
the ability to perform public-key navigator.credentials.get operations
is enabled by default.

Bug: 993007
Change-Id: I8d9330a8fbc8c9881e0b046db4c06b36de28c866
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2199702Reviewed-by: Martin Kreichgauer <martinkr@google.com>
Reviewed-by: Rick Byers <rbyers@chromium.org>
Auto-Submit: Ken Buchanan <kenrb@chromium.org>
Commit-Queue: Rick Byers <rbyers@chromium.org>
Cr-Commit-Position: refs/heads/master@{#768781}

device/fido/features.cc

@@ -26,7 +26,7 @@ extern const base::Feature kWebAuthPhoneSupport{
 
 extern const base::Feature kWebAuthGetAssertionFeaturePolicy{
     "WebAuthenticationGetAssertionFeaturePolicy",
-    base::FEATURE_DISABLED_BY_DEFAULT};
+    base::FEATURE_ENABLED_BY_DEFAULT};
 
 #if defined(OS_CHROMEOS) || defined(OS_LINUX)
 const base::Feature kWebAuthCableLowLatency{"WebAuthenticationCableLowLatency",

third_party/blink/web_tests/virtual/stable/webexposed/feature-policy-features-expected.txt

@@ -14,6 +14,7 @@ microphone
 midi
 payment
 picture-in-picture
+publickey-credentials-get
 screen-wake-lock
 sync-xhr
 usb

third_party/blink/web_tests/webexposed/feature-policy-features-expected.txt

@@ -46,6 +46,7 @@ picture-in-picture
 pointer-lock
 popups
 presentation
+publickey-credentials-get
 screen-wake-lock
 scripts
 serial