Security: Add sandbox attribute to message iframe for extra later of security (already protected via CSP headers)

Note that this does not provide any additional security as such as the CSP headers do this, however it is another barrier when it comes to bypass attempts.

server/ui-src/components/message/MessageItem.vue

@@ -786,6 +786,7 @@ export default {
 						frameborder="0"
 						style="width: 100%; height: 100%; background: #fff"
 						@load="resizeIframe"
+						sandbox="allow-same-origin allow-popups allow-popups-to-escape-sandbox"
 					>
 					</iframe>
 				</div>