oracle-samples / cerner-smart-embeddable-lib

npm project for developers to use in their SMART web app to be embeddable in Cerner’s MPage Workflow
Apache License 2.0

feat: change the init() to be an explicit action triggered from consumer code #38

Open IgorSoloydenko opened 3 years ago

IgorSoloydenko commented 3 years ago

There are currently a couple of problems with the way the library is consumed from the client code.

1. The import of the library with import 'cerner-smart-embeddable-lib' results in an unconditional execution of CernerSmartEmbeddableLib.init(), which is not always desirable. In the context of our React application and its build setup it is difficult to achieve a conditional import of this library. The proposal is to expose a single function (e.g. initializeCernerSmartEmbeddableLib()) that can be invoked from the consumer code as necessary. Introduction of such a change requires a major version bump as it's not backwards compatible.

2. Another problem is that the list of ACLs is hard-coded and limited to 'https://embedded.cerner.com', 'https://embedded.sandboxcerner.com', 'https://embedded.devcerner.com'. This may not be sufficient in many cases. The proposal is to make the init() function receive acls as a parameter (maybe with a pre-defined old value).

Looking forward to feedback.

Thank you!

kolkheang commented 2 years ago

Thanks @IgorSoloydenko for contributing! I think the requested changes make sense to me.

I have an idea for item 2 above that won't use the hard-coded ACLs. There is an option to use a secret value with a callback function as part of the initialization. I am thinking that a JWT could solve this with an endpoint for the public key that can be accessed to verify the token in the callback function. This will require a bit of work as there is a corresponding change in the consumer side (where the iframe is created). I don't know when we will get to this.

But, your change to allow the ACLs to be passed in as part of the initialization is useful to have for now.
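The two proposals in this thread (explicit initialization, caller-supplied ACLs with the old list as the default), sketched as an added example that is not the library's own code. `createEmbeddable`, `normalizeAcls`, `isAllowedParent` and the `startProvider` callback are hypothetical names; only the three default origins come from the issue.

```javascript
// Added illustration: every name here is hypothetical, not the library's API.
const DEFAULT_ACLS = Object.freeze([
  'https://embedded.cerner.com',
  'https://embedded.sandboxcerner.com',
  'https://embedded.devcerner.com',
]);

// Accept only exact https origins: no wildcard, path, credentials or port alias.
function normalizeAcls(acls = DEFAULT_ACLS) {
  if (!Array.isArray(acls) || acls.length === 0) {
    throw new TypeError('acls must be a non-empty array of origins');
  }
  return acls.map((entry) => {
    let url;
    try {
      url = new URL(entry);
    } catch {
      throw new TypeError(`not a URL: ${String(entry)}`);
    }
    if (url.protocol !== 'https:' || url.origin !== entry || entry.includes('*')) {
      throw new TypeError(`not an exact https origin: ${entry}`);
    }
    return url.origin;
  });
}

// startProvider stands in for whatever the library runs at import time today.
function createEmbeddable(startProvider) {
  let activeAcls = null;
  return {
    // Nothing happens until the consumer calls init(); repeat calls are no-ops.
    init({ acls } = {}) {
      if (activeAcls) return activeAcls;
      const checked = Object.freeze(normalizeAcls(acls));
      startProvider({ acls: checked });
      activeAcls = checked;
      return activeAcls;
    },
    // Exact string match against the active allowlist, false before init().
    isAllowedParent(origin) {
      return activeAcls !== null && activeAcls.includes(origin);
    },
  };
}
```

Rejecting anything that is not an exact https origin keeps a caller-supplied list from being looser than the hard-coded one it replaces.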