[css-conditional] Add fingerprinting note to Security & Privacy considerations

[tantek]

https://drafts.csswg.org/css-conditional-3/#priv-sec could be improved with a small note about the potential for (ab)using @supports (and CSSSupportsRule) for explicitly fingerprinting the user's UA's capabilities, which has privacy implications. Maybe something like:

===

Features in this draft, in particular @supports and @media with various conditions (and DOM interface equivalents), may be used to significantly fingerprint the user's UA and device capabilities, dimensions, viewing environment etc., both statically, and usage over time (e.g. logging the 'orientation' media query via the DOM) and thus potentially impacting privacy expectations.

===

and then also:

s/No other feature in this spec has any privacy considerations.//

since that's misleading at best.

[dbaron]

I wrote something a bit different, and moved the section (which Tab added with the commit message "fix some Bikeshed warnings"), but I think it's fixed now.