Expose Android purchase token for VPN purchase for Premium Services website

[bsclifton]

Test plan

A bit complex; you'll need an Android phone which you'll connect remotely using a Desktop instance of Brave

On the phone

1. Open Brave on the Android phone
2. Enable Brave VPN if needed (ex: on Nightly, you enable via QA menu)
3. Buy VPN

On a desktop machine

1. Plug Android device into your computer and make sure USB debugging is enabled under developer options
2. On desktop, open Brave and visit brave://inspect/#devices
3. Find your mobile instance and pick inspect to pop open the dev tools. It should look like the picture here: Cross platform integration (Android) brave-core#13387 (comment)

Inside the dev tools window (on Desktop) for your mobile device

1. Navigate (top of dev tools) to https://account.brave.software
2. Login to Brave accounts website (put your email, hit enter; check your email; copy/paste URL from email into browser)
3. Once logged in, edit the URL you're at currently to add ?intent=connect-receipt&product=vpn to the end of the URL
4. Go to Application tab
5. Look for Session Storage value with key braveVpn.receipt and you should see a value

Decoding the braveVpn.receipt value

1. Copy the value as a string (from Session Storage in dev tools)
2. In JavaScript console enter atob('<string value you copied>')
3. Result should be the JSON you're expecting (including purchase token)

Description

Related to https://github.com/brave/account-brave-com/issues/24

Basically, for folks that have purchased the VPN product using the in-app-purchase (IAP) mechanism on Android, we should write a blob with the receipt information into local storage with the key braveVpn.receipt.

This will be a base64 encoded JSON blob in a format like:

{
    "type":"android",
    "raw_receipt":"<purchase token here>",
    "package":"com.brave.browser",
    "subscription_id":"brave-firewall-vpn-premium"
}

This should ONLY be exposed when on the Brave Premium website (account.brave.com / account.bravesoftware.com / account.brave.software). For the implementation, we can use a render frame observer to inject this method onto the page

Implementation for this needs to be security/privacy reviewed

[Uni-verse]

Verified on Samsung Galaxy S21 & Galaxy Tab S7 using the following build(s):

Brave	1.44.97 Chromium: 106.0.5249.55 (Official Build) (64-bit) 
Revision	4d5f098fca6ab7f4b6b7c240be3d9593c2357709-refs/branch-heads/5249@{#531}
OS	Android 12; Build/SP1A.210812.016

Using the test plan in #21942 (comment)

• Ensured Session Storage contains key with braveVpn.receipt
• Ensured atob(<braveVpn.receipt.value>) returns the following JSON in the console:

{

"package":"com.brave.browser",
 
"raw_receipt":"<string>",

"subscription_id":"brave-firewall-vpn-premium",

"type":"android"


}

Example	Example
Example (tablet)	Example (tablet)