Remove the web worker to allow for direct DOM access from scripts

[KallynGowdy]

Currently, CasualOS scripts run inside a web worker inside an iframe.

This original design was made to enforce two key things:

1. Security boundary (iframe)
2. Process boundary (web worker)

This is because that in the past, the iframe was loaded from the same origin (or null origin) as the CasualOS frontend, and not all web browsers use a separate process for iframes that are loaded from the same origin. In other words, while iframes from the same origin still have a security boundary, they are (often) run within the same process which could cause issues if a script runs into an infinite loop. So, to conclude, the iframe was used to ensure that scripts can't touch the frontend stuff directly, and the web worker was used to ensure that scripts always run in a separate thread from the frontend code to prevent lockups.

Now, it is much more common to run CasualOS using a separate origin for the iframe, so most web browsers should run it in a separate iframe. This means that if a separate domain is used for the iframe, we don't need to create the web worker anymore to get a separate thread for running scripts. This in turn means that it is possible to remove the web worker and give direct DOM access to the scripts.

There is really only one caveat:

1. The VM has to be loaded from a separate domain from the frontend. According to Chrome rules, iframes get a separate process if the site is different (different domain - does not include subdomains - sub.casualos.com is the same as casualos.com according to the rules, but example.com is different from casualos.com)