fix: feature detection to check for browser

[JustinBeckwith]

Previously, we were using the precense of window to figure out if we were running in a browser. Turns out, it causes a lot of trouble, like this:
googleapis/nodejs-storage#694 (comment)

We also see cases where window is injected in test environments for things like jest.

This uses a feature detection style approach, where we specifically check for subtle crypto availability.

[codecov]

Codecov Report

Merging #738 into master will increase coverage by 0.09%.
The diff coverage is 40%.

@@            Coverage Diff             @@
##           master     #738      +/-   ##
==========================================
+ Coverage   84.42%   84.51%   +0.09%     
==========================================
  Files          18       17       -1     
  Lines         950      943       -7     
  Branches      210      210              
==========================================
- Hits          802      797       -5     
+ Misses         88       86       -2     
  Partials       60       60

Impacted Files	Coverage Δ
src/auth/googleauth.ts	86.01% <ø> (ø)	⬆️
src/crypto/node/crypto.ts	100% <ø> (ø)	⬆️
src/auth/authclient.ts	100% <ø> (ø)	⬆️
src/auth/jwtaccess.ts	98.14% <ø> (ø)	⬆️
src/messages.ts	90% <0%> (+6.66%)	⬆️
src/crypto/browser/crypto.ts	9.09% <0%> (+0.26%)	⬆️
src/transporters.ts	88.88% <0%> (-0.25%)	⬇️
src/auth/oauth2client.ts	82.78% <100%> (-0.06%)	⬇️
src/crypto/crypto.ts	66.66% <50%> (-4.77%)	⬇️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 7a6c8e7...b093cbb. Read the comment docs.

[bcoe]

This seems reasonable to me. Is the only thing that changes between the browser and Node.js execution the certificate format? our hypothesis being that an environment like Jest will work with PEM?

[bcoe]

we're okay to keep this check the same?

[JustinBeckwith]

Aye. In this case, it doesn't have an impact on which browser feature we're trying to use. It's just a naive check so we can try to send the right HTTP headers (I think).

[alexander-fenster]

@bcoe re: certificate formats, that's all bad bad bad. We basically need to have the same "feature detection check" there as well (not just "oh it's a browser, let's do JWK and not PEM", but "if this environment supports PEM, do PEM, if it supports JWK, do JWK, and there might be other formats to consider"). I think it's OK to leave it as is for now, until someone comes and claims that the existing logic does not work for them.