`Set` is a better data structure because it has a faster search: `Set.has` has a O(1) while `Array.includes` has a O(n).

Moved `frame-util` functionality to `frame-observer.js` and
`hypothesis-injector.js`:

- `isAccessible`, `findFrames` and `isDocumentReady` functions to
  `frame-observer.js`, and

- `hasHypothesis` and `injectHypothesis` functions to
  `hypothesis-injector.js`

Renamed and move `src/annotator/util/test/frame-util-test.js` to
`src/annotator/test/frame-observer-test.js`. This unit test only
exercise the `findFrames` function.

I run this command `prettier -w --parser html` on `shadow-dom.mustache`

In the latest version of the frontent-shared package, `extraRoute` has a
mandatory property `group` that must be either
`"home" | "foundations" | "patterns" | "components"`;

There are three ways to fix this:

* make the `group` property optional in the frontend-shared package (I
  don't know if that's a good idea).

* cast the `string` type to the one of the allowed types: `    group:
  /** @type {'components'} */ ('components'),`

* cast the `extraRoute` (this PR).

Edge 17 complains if the script is outside the body.

The current inter-frame communication doesn't work if an annotatable
(guest) iframe is from a different origin than the host frame (see
https://github.com/hypothesis/client/pull/3611#issue-696947005). This
will be fixed in a more comprehensive overhaul of the inter-face
communication (see https://github.com/hypothesis/client/issues/3533).

Meanwhile, I add a scenario into the local dev server where the
annotatable iframe is from an origin different than the host frame. For
this, I needed to spawn an additional dev server at port 3002):

```
[11:32:50] Dev web server started at http://localhost:3000/
[11:32:50] Dev web server started at http://localhost:3002/
```

Close #3629

Fix an issue where the sidebar failed to appear in Safari 11 and Chrome
63 when returning a cross-origin Window from a Promise `then` callback.
In these browsers an exception is triggered when the browser tries to
test if the return value is a Promise that can be unwrapped.

The issue was resolved in more recent browsers by adding an undefined
`then` property to cross origin objects. [1]

[1] https://github.com/whatwg/dom/issues/536

Bumps [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env) from 7.15.0 to 7.15.4.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.15.4/packages/babel-preset-env)

---
updated-dependencies:
- dependency-name: "@babel/preset-env"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>

Bumps [@hypothesis/frontend-shared](https://github.com/hypothesis/frontend-shared) from 3.7.0 to 3.8.1.
- [Release notes](https://github.com/hypothesis/frontend-shared/releases)
- [Changelog](https://github.com/hypothesis/frontend-shared/blob/main/CHANGELOG.md)
- [Commits](https://github.com/hypothesis/frontend-shared/compare/v3.7.0...v3.8.1)

---
updated-dependencies:
- dependency-name: "@hypothesis/frontend-shared"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>

Bumps [autoprefixer](https://github.com/postcss/autoprefixer) from 10.3.3 to 10.3.4.
- [Release notes](https://github.com/postcss/autoprefixer/releases)
- [Changelog](https://github.com/postcss/autoprefixer/blob/main/CHANGELOG.md)
- [Commits](https://github.com/postcss/autoprefixer/compare/10.3.3...10.3.4)

---
updated-dependencies:
- dependency-name: autoprefixer
  dependency-type: direct:development
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>

Bumps [@octokit/rest](https://github.com/octokit/rest.js) from 18.9.1 to 18.10.0.
- [Release notes](https://github.com/octokit/rest.js/releases)
- [Commits](https://github.com/octokit/rest.js/compare/v18.9.1...v18.10.0)

---
updated-dependencies:
- dependency-name: "@octokit/rest"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>

Bumps [mustache-express](https://github.com/bryanburgers/node-mustache-express) from 1.3.1 to 1.3.2.
- [Release notes](https://github.com/bryanburgers/node-mustache-express/releases)
- [Commits](https://github.com/bryanburgers/node-mustache-express/commits)

---
updated-dependencies:
- dependency-name: mustache-express
  dependency-type: direct:development
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>

Bumps [core-js](https://github.com/zloirock/core-js) from 3.16.4 to 3.17.2.
- [Release notes](https://github.com/zloirock/core-js/releases)
- [Changelog](https://github.com/zloirock/core-js/blob/master/CHANGELOG.md)
- [Commits](https://github.com/zloirock/core-js/compare/v3.16.4...v3.17.2)

---
updated-dependencies:
- dependency-name: core-js
  dependency-type: direct:development
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>

Bumps [katex](https://github.com/KaTeX/KaTeX) from 0.13.16 to 0.13.18.
- [Release notes](https://github.com/KaTeX/KaTeX/releases)
- [Changelog](https://github.com/KaTeX/KaTeX/blob/master/CHANGELOG.md)
- [Commits](https://github.com/KaTeX/KaTeX/compare/v0.13.16...v0.13.18)

---
updated-dependencies:
- dependency-name: katex
  dependency-type: direct:development
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>

Bumps [aws-sdk](https://github.com/aws/aws-sdk-js) from 2.978.0 to 2.983.0.
- [Release notes](https://github.com/aws/aws-sdk-js/releases)
- [Changelog](https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js/compare/v2.978.0...v2.983.0)

---
updated-dependencies:
- dependency-name: aws-sdk
  dependency-type: direct:development
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>

Bumps [chance](https://github.com/chancejs/chancejs) from 1.1.7 to 1.1.8.
- [Release notes](https://github.com/chancejs/chancejs/releases)
- [Commits](https://github.com/chancejs/chancejs/commits)

---
updated-dependencies:
- dependency-name: chance
  dependency-type: direct:development
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>

Bumps [sass](https://github.com/sass/dart-sass) from 1.38.2 to 1.39.0.
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sass/dart-sass/compare/1.38.2...1.39.0)

---
updated-dependencies:
- dependency-name: sass
  dependency-type: direct:development
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>

Bumps [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) from 7.15.0 to 7.15.5.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.15.5/packages/babel-core)

---
updated-dependencies:
- dependency-name: "@babel/core"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>

Bumps [@sentry/browser](https://github.com/getsentry/sentry-javascript) from 6.11.0 to 6.12.0.
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-javascript/compare/6.11.0...6.12.0)

---
updated-dependencies:
- dependency-name: "@sentry/browser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>

`src/shared/port-rpc.js` depended on
`src/annotation/util/listener-collection.js`. Files in the `src/shared`
folder should not have dependencies on `src/annotation`.

`ListenerCollection` is a very general utility and the placement in
`src/shared` seems correct.

I took the opportunity to reorder the imports according to our
conventions.

Older Pattern* components are going away soon in the
`frontend-shared` package.

Changes in text rendering across PDF.js versions can render position
selectors invalid. Therefore any anchoring done with position selectors must
be checked against the quote, as we do with HTML annotations.

This commit disallows anchoring using only position selectors in PDFs
and restructures `anchor` control flow using async/await to make it
easier to follow.

We have been capturing quote selectors with PDF annotations forever, so
there should be no impact on old annotations.

Bumps [npm-packlist](https://github.com/npm/npm-packlist) from 2.2.2 to 3.0.0.
- [Release notes](https://github.com/npm/npm-packlist/releases)
- [Commits](https://github.com/npm/npm-packlist/compare/v2.2.2...v3.0.0)

---
updated-dependencies:
- dependency-name: npm-packlist
  dependency-type: direct:development
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>

Improve a few code comments and follow the convention of using
destructing for constructors that take a single `options` argument.

Its easier to scan the file if the typedef comes before references to
it.

I also reworded and fixed a grammar issue in another comment.

An important aspect of this function is that although it returns an
async result, it populates the cache synchronously, so that two racing
calls to `getPageTextContent` for the same page don't ask PDF.js to
extract the same text twice. Add comments to make that clear and remove
the `async` from the outer function.

 - Combine the two internal async helpers into one with no arguments.
   This eliminates some untyped parameters.

 - Move the documentation about returned text matching text layer from
   an internal comment to the function's JSDoc, since it is something
   callers need to know even if they don't care about the
   implementation.

Add tests that simulate the different handling of whitespace-only text
items between older (< v2.9.359) and newer PDF.js releases and check
that describing and anchoring selectors works in both cases.

Fix anchoring of text quotes and positions in PDF.js releases (>=
2.9.359) that include https://github.com/mozilla/pdf.js/pull/13257.

The client's anchoring relies on the text content of pages extracted via
PDF.js's text APIs (`PDFPage.getTextContent`) to match the `textContent`
of the hidden text layer element. In older PDF.js releases acheiving
this alignment required excluding text items with all-whitespace text,
because PDF.js did not create elements in the text layer for these. In
PDF.js releases after https://github.com/mozilla/pdf.js/pull/13257 this
filtering is no longer needed.

The fix in this commit is to feature-detect whether the active version
of PDF.js includes this change or not and filter or not filter text
items accordingly.

Future changes to PDF.js could cause mismatches between the result of
`PDFPage.getTextContent` and the rendered text layer in other ways, so a
sanity check has been added which logs a console warning if a mismatch
is detected.

The `checkQuote` helper's code suggested that it was expected to be
passed a range. However it was being called with a string. This happened
to work because the implementation only used the `toString` method,
which exists in both Range objects and strings.

TypeScript 4.4 complained that an indexed property lookup was
unnecessarily checked for truthiness. The check was however necessary.
The index type was wrong. Change the type to be correct and adjust other
code accordingly.

Disable a change/feature added in TypeScript 4.4 so that our existing
code typechecks. In most cases the handler is just making the pretty safe
assumption that the thrown error is a subclass of `Error`.

Fixes typecheck error with TypeScript 4.4.

Bumps [typescript](https://github.com/Microsoft/TypeScript) from 4.3.5 to 4.4.2.
- [Release notes](https://github.com/Microsoft/TypeScript/releases)
- [Commits](https://github.com/Microsoft/TypeScript/compare/v4.3.5...v4.4.2)

---
updated-dependencies:
- dependency-name: typescript
  dependency-type: direct:development
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>

Bumps [axe-core](https://github.com/dequelabs/axe-core) from 4.3.2 to 4.3.3.
- [Release notes](https://github.com/dequelabs/axe-core/releases)
- [Changelog](https://github.com/dequelabs/axe-core/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/dequelabs/axe-core/compare/v4.3.2...v4.3.3)

---
updated-dependencies:
- dependency-name: axe-core
  dependency-type: direct:development
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>

Bumps [eslint-plugin-react](https://github.com/yannickcr/eslint-plugin-react) from 7.24.0 to 7.25.1.
- [Release notes](https://github.com/yannickcr/eslint-plugin-react/releases)
- [Changelog](https://github.com/yannickcr/eslint-plugin-react/blob/master/CHANGELOG.md)
- [Commits](https://github.com/yannickcr/eslint-plugin-react/compare/v7.24.0...v7.25.1)

---
updated-dependencies:
- dependency-name: eslint-plugin-react
  dependency-type: direct:development
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>

Bumps [aws-sdk](https://github.com/aws/aws-sdk-js) from 2.973.0 to 2.978.0.
- [Release notes](https://github.com/aws/aws-sdk-js/releases)
- [Changelog](https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js/compare/v2.973.0...v2.978.0)

---
updated-dependencies:
- dependency-name: aws-sdk
  dependency-type: direct:development
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>

Bumps [core-js](https://github.com/zloirock/core-js) from 3.16.2 to 3.16.4.
- [Release notes](https://github.com/zloirock/core-js/releases)
- [Changelog](https://github.com/zloirock/core-js/blob/master/CHANGELOG.md)
- [Commits](https://github.com/zloirock/core-js/compare/v3.16.2...v3.16.4)

---
updated-dependencies:
- dependency-name: core-js
  dependency-type: direct:development
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>

Bumps [terser](https://github.com/terser/terser) from 5.7.1 to 5.7.2.
- [Release notes](https://github.com/terser/terser/releases)
- [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/terser/terser/compare/v5.7.1...v5.7.2)

---
updated-dependencies:
- dependency-name: terser
  dependency-type: direct:development
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>

Bumps [mocha](https://github.com/mochajs/mocha) from 9.1.0 to 9.1.1.
- [Release notes](https://github.com/mochajs/mocha/releases)
- [Changelog](https://github.com/mochajs/mocha/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mochajs/mocha/compare/v9.1.0...v9.1.1)

---
updated-dependencies:
- dependency-name: mocha
  dependency-type: direct:development
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>