Add ui-iframe node for embedding a Web page

[HiroyasuNishiyama]

• [ ] Bugfix (non-breaking change which fixes an issue)
• [x] New feature (non-breaking change which adds functionality)

Proposed changes

This PR attempts to add a new UI widget node (ui-iframe) for embedding a Web page on Node-RED Dashboard. It also supports Web messaging API for interacting with the embedded page.

Checklist

• [x] I have read the contribution guidelines
• [x] For non-bugfix PRs, I have discussed this change on the forum/slack team.
• [ ] I have run grunt to verify the unit tests pass
• [ ] I have added suitable unit tests to cover the new/changed functionality

[dceejay]

Look really good - only question is if setting as the origin by default is too open for security ? I can see that for anyone actually using the node then the most likely setting will indeed be so it may be ok - or at least the most sensible default.

(Also I'm not sure if some users will know what origin means - or in this environment - who or what is the origin referred to - is it the browser running the dashboard - the instance of Node-RED - or the remote server serving the iframe ? (OK so yes, users can go look it up but... :-)

I'm happy to merge it.

[HiroyasuNishiyama]

Regarding origin parameter, I think that we have no other choice but to use * as default because it depends on the implementation of the web page that accepts postMessage.

[robynjayqueerie]

Not sure that I really understand this Origin bit. The Description of the node says * == no limitation but most of the time when I try to use a public url I get a cross origin issue ie :1880/ui/#!/4?socketid=87uW_VSbdZD3Y_t5AAAE:1 Refused to display 'https://geology.com/world/africa-satellite-image.shtml' in a frame because it set 'X-Frame-Options' to 'sameorigin'. Would this be expected. I can load the url properly from another tab on the same browser showing the Node Red UI