sourcegraph / sourcegraph-public-snapshot

Code AI platform with Code Search & Cody
https://sourcegraph.com

Bitbucket native integration doesn't prevent browser extension injection #4786

Closed lguychard closed 5 years ago

lguychard commented 5 years ago

Steps to reproduce:

  1. Grant the browser extension permissions on bitbucket.sgdev.org
  2. Visit https://bitbucket.sgdev.org/projects/SOUR/repos/vegeta/browse

Expected:

Only the native integration is executed, the browser extension doesn't run.

Actual:

Browser extension and native integration are both running.

lguychard commented 5 years ago

Note: this should be prevented by the injection of a .sourcegraph-app-background by the native integration, but the way the browser extension checks it is racy: https://sourcegraph.com/github.com/sourcegraph/sourcegraph/-/blob/browser/src/extension/scripts/inject.tsx#L46-52

felixfbecker commented 5 years ago

The link points to a comment saying it's not racy?

lguychard commented 5 years ago

I meant to close this, the comment was added in #4835 after I investigated this further and determined that it was, in fact, not racy - I had been misled by the "Sourcegraph browser extension is running" console log, which is always logged even when the browser extension code bails due to the presence of the native integration.