GDPR: allow pass geo doesn't check vendor consent

[System-Glitch]

In the GDPR implementation, the allowGeo method checks for special feature 1 opt in and vendor support in the GVL for special feature 1. However, it doesn't check if the user actually gave consent for this vendor.

Please correct me if I'm wrong but consent for any purpose, feature or special feature should only apply for vendors the users explicitly consented to.

prebid-server/gdpr/impl.go

Line 176 in 4e44ab4

return consentMeta.SpecialFeatureOptIn(1) && ((vendor != nil && vendor.SpecialFeature(1)) || weakVendorEnforcement)

Example problematic scenario:

• User consented for special feature 1
• User consented for vendor "A" but not for vendor "B"
• prebid-server prepares a bid request to vendor "B"
• Because consent is given for special feature 1, the geolocation of the user in bid request to vendor "B" is not scrubbed.

Recommendation: allowGeo should also check consentMeta.VendorConsent(vendorID)

[System-Glitch]

I realized later but I think checking vendor consent isn't actually needed here, it's implicit. If there were no vendor consent, there would be no bid request anyway so nothing to scrub.