fix(mcp): add origin validation to useRenderData hook

[RinZ27]

✍️ Proposed changes

I've implemented origin validation in the useRenderData hook to enhance security for iframe-based communication in the MCP integration. Previously, the hook's message handler accepted data from any source origin without verification. This update introduces an optional allowedOrigins configuration, allowing developers to restrict data updates to trusted origins only.

🎟 Jira ticket: N/A (Security enhancement for MCP hooks)

✅ Checklist

For bug fixes, new features & breaking changes

• I have added stories/tests that prove my fix is effective or that my feature works
• I have added necessary documentation (if appropriate)
• I have run pnpm changeset and documented my changes

🧪 How to test changes

1. Configure the useRenderData hook with an allowedOrigins array (e.g., ['https://mongodb.com']).
2. Simulate a cross-document message using window.dispatchEvent(new MessageEvent('message', { ... })) from an origin not in the list. Observe that the state remains unchanged.
3. Simulate a message from an origin in the allowlist and verify that renderData is updated as expected.
4. Existing unit tests in useRenderData.spec.tsx have been updated to cover these scenarios.

[changeset-bot]

🦋 Changeset detected

Latest commit: 7e1319c

The changes in this PR will be included in the next version bump.

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR