This repository has been archived by the owner on Sep 29, 2023. It is now read-only.

[Security] Use chromium sandbox #756

Open
lahwran opened this issue Feb 11, 2019 · 2 comments · May be fixed by wis/nativefier#1

@lahwran

lahwran commented Feb 11, 2019

Description

In the version currently in git, nativefier does not pass sandbox: true when creating windows. This means that there are potentially privilege escalation exploits not present in a normal browser. I haven't been able to find any specific ones, but it's still pretty scary to have sandbox disabled. I'll likely look at enabling it soonish.

@bacongravy
Contributor

This is the spot to do it:

https://github.com/jiahaog/nativefier/blob/07faeb1881594b442a8b6c2d6fc9e74fc840e8e6/app/src/components/mainWindow/mainWindow.js#L92-L105

The feature is documented here:

https://electronjs.org/docs/api/sandbox-option

and some follow-on functionality was documented here:

electron/electron#14999

I think I experimented with the sandbox option before and determined that it broke the behavior of some websites that show popups. I suspect that it has to do with window.open reverting to standard Chromium behavior (instead of Electron behavior), as described in the above-linked docs. But, maybe I'm misremembering, or perhaps that behavior has changed since I tried it (it was electron v3).

@zachriggle

I've made modifications locally to the installed nativefier and it seems that this has no functional impact. This is definitely something that should be turned on from a security point-of-view.
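Added example, not part of the thread and not nativefier's own code: a small check that finds window option objects which would start a renderer without `sandbox: true` in `webPreferences`, and a helper that turns it on without dropping other preferences. The sample options, function names and the "absent means off" rule are assumptions made for illustration.

```javascript
// Constructed samples shaped like the options object given to
// `new BrowserWindow(...)`; they are not nativefier's real settings.
const sampleWindows = {
  main: { width: 1280, height: 800, webPreferences: { javascript: true } },
  popup: { width: 600, height: 400 }, // no webPreferences at all
  explicitOff: { webPreferences: { sandbox: false } },
  sandboxed: { webPreferences: { sandbox: true } },
};

// True only when the renderer sandbox is requested explicitly.
// Assumption: an absent key counts as "off", matching the thread's concern.
function isSandboxed(options) {
  return Boolean(
    options && options.webPreferences && options.webPreferences.sandbox === true
  );
}

// Names of the window configs that would start unsandboxed.
function findUnsandboxed(windows) {
  return Object.keys(windows).filter((name) => !isSandboxed(windows[name]));
}

// Copy of the options with the sandbox forced on. Other preferences are
// preserved and the caller's object is not mutated.
function withSandbox(options) {
  const base = options || {};
  return {
    ...base,
    webPreferences: { ...(base.webPreferences || {}), sandbox: true },
  };
}

// Chromium's --no-sandbox switch turns the sandbox off for the whole
// process, so per-window settings are not enough if it is on the command line.
function hasNoSandboxSwitch(argv) {
  return argv.some((arg) => arg === '--no-sandbox');
}

console.log('unsandboxed windows:', findUnsandboxed(sampleWindows));
console.log('main after fix:', withSandbox(sampleWindows.main));
console.log('--no-sandbox present:', hasNoSandboxSwitch(process.argv));
```

Because a sandboxed window falls back to standard Chromium `window.open` behavior, as noted in the comment above, sites that rely on popups are the first thing to retest after enabling it.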
