Need tests for (likely not a complete list):

* directFromSellerSignals.
* All generateBid() and scoreAd() input parameters.
* All interest group fields (passed to auction, have effect on auction).
    Very few fields covered.
    Should be sure to cover buyerAndSellerReportingId and buyerReportingId for
        component ads, as they should not be settable.
    Already covered:
        Validation when joining/leaving interest group.
        renderURL and metadata for component ads (only integers covered, but
            probably not worth covering all types, if we have coverage for the
            main renderURL).
* Filtering/prioritization (including bidding signals influencing priorities)
* Size restrictions.
* additionalBids.
* adCost.
* bidCurrency.
* modellingSignals.
* Ad and component ad sizes.
* Updates (both after auction and triggered).
* All auctionConfig parameters (including invalid auctionConfigs, and ones
    with no buyers).
* Joining interest group with duration of 0 should just leave the IG (not
    currently guaranteed to work, due to potential time skew between processes).
* Multiple buyers.
* Multiple interest groups with same owner.
* Multiple origin auctions (buyer != publisher != seller).
* Multiple frame tests (including join IG policy, run auction policy,
    loading URNs in fencedframes in other frames, loading component
    ad URNs in fenced frames of other frames, etc)
* adAuctionConfig passed to reportResult().
* Component auctions.
* browserSignals fields in scoring/bidding methods.
* In reporting methods, browserSignals fields: dataVersion, topLevelSeller,
    componentSeller, modifiedBid, adCost, madeHighestScoringOtherBid
    (with interest group from another origin).
* Loading ads in iframes.
* In fencedframes window.fence.setReportEventDataForAutomaticBeacons()
* Calling leaveAdInterestGroup() in the frame of a winning ad (and one
    of its component ads)
* Network timeouts.
* Validate specific escaping behavior logic (still under discussion). There
    are a number of different rules for which characters are escaped, and
    whether spacess are escaped as "%20" or "+".
* Reports not sent if ad not used.
* Ties.
* Interactions with local network access API, which requires public
    networks to send CORS preflights for requests made over local networks.
    Needs testing with public publisher pages running auctions with
    sellers / buyers / update URLs on local networks.

If possible:
* Aggregate reporting.
* Join/leave permission delegation via .well-known files.
* k-anonymity.
* Signals request batching. This is an optional feature, so can't require it,
    but maybe a test where batching could be used, and make sure things work,
    whether batching is used or not?
