1.7.6, 1.7.7 TOCTOU issue when skipping evaluation for NOT_READY / FATAL status

[dd-oleksii]

From the spec:

Requirement 1.7.6

The client MUST default, run error hooks, and indicate an error if flag resolution is attempted while the provider is in NOT_READY.

Requirement 1.7.7

The client MUST default, run error hooks, and indicate an error if flag resolution is attempted while the provider is in FATAL.

These may lead to TOCTOU issue in multi-threaded SDKs because provider status may change between the client checking the status and attempting (or not attempting) evaluation.

It should be rather simple to fix the issue by dropping the requirements, and it shouldn't cause much trouble.

Another argument for dropping these requirements is that some providers do want to be called at all times (e.g. for telemetry logging).