To make User Activation v2 safe against an untrusted renderer process, we should move all user activation notification calls to the browser process. (We are skipping UAv1 changes for this; it would be a wasted effort.)
We expect a lot of test regressions similar to the ones we are facing for UAv2.
Our incremental plan (affecting only a portion of v1):
1. Gradually move activation notification for only UAv2 to the browser side. This would affect many APIs, and Issue 826293 could be a blocker. I believe the end result should be simpler than what we have today because most of the notification code today is there because of the token-passing behavior of v1 (which should be gone in v2).
2. Once v1 and v2 notifications are completely isolated (in renderer and browser respectively), it should be easy to get rid of v1.
---
This bug is forked off from Issue 780556 #c15, but with one difference: we won't be moving all activation consumption code to the browser side as we originally planned there. We have more consumption cases in the renderer side today, and we know cases where we first have to consume on the renderer side before the browser does anything.
Most importantly, consumption from an untrusted browser is not a concern because it only prevents further use of a user action.
Comment 1 by mustaq@chromium.org, Oct 1
Status: Duplicate (was: Assigned)