Add a placeholder for determining user consent to the requestSession() algorithm

[ddorwin]

While the exact conditions and mechanics for user consent are still being worked out (#393, #424, etc.), it seems pretty clear that there will be a point during the requestSession() algorithm when implementations may need to request user consent. It would be helpful to user agent implementations (and ensuring more consistent behavior across them) and developers as well as some of these discussions if there was a clear definition of when such consent is to be checked/requested.

The exact conditions can be stubbed out along with a note that this is still TBD.

The placeholder could be something as simple as:

1. If consent is required, determine consent.
    ISSUE: Exact conditions are TBD. See https://github.com/immersive-web/webxr/issues/393.
2. If consent is not granted, reject promise with...

[NellWaliczek]

Is there value in doing this given that the other issues need to be resolved by the end of this milestone and, based on the discussion at the F2F, UAs will be targeting the spec as it stands at the end of the milestone?

[ddorwin]

It's possible it will help inform or provide context for that discussion. Adding the text would also allow us to work out the exact mechanics in parallel instead of after the design issues for those other issues are worked out. One such mechanics issue is determining which DOMException to reject with.

[toji]

There's now an explicit point in the spec where consent is requested: https://immersive-web.github.io/webxr/#resolve-the-requested-features (Step 6)