Bug 311707

In CredentialsContainer.cpp, `get()` and `isCreate()` both call `performCommonChecks()` which checks for a null document internally via RefPtr, then immediately re-acquire the document via `Ref document = *this->document()` — relying on an implicit contract that the document is still non-null. ```cpp void CredentialsContainer::get(CredentialRequestOptions&& options, CredentialPromise&& promise) { if (!performCommonChecks(options, promise)) return; Ref document = *this->document(); // unsafe: re-acquires WeakPtr without null check ... } ``` The fix is to change `performCommonChecks()` to return `RefPtr<Document>` (or null on failure), so callers receive the document directly without re-acquiring the WeakPtr: ```cpp void CredentialsContainer::get(CredentialRequestOptions&& options, CredentialPromise&& promise) { RefPtr document = performCommonChecks(options, promise); if (!document) return; ... } ``` This makes the null-safety contract explicit and eliminates the implicit assumption. Note: This is pre-existing code. In practice the implicit contract holds soundly under WebKit's single-threaded execution model, but it violates the spirit of WebKit's safer-cpp guidelines.