fix: host permissions for cx.metamask.io

[cryptotavares]

Description

When host permissions do not exist for a given domain, firefox sets cors policy to cross-origin.
This was preventing getting the blockaid files from our cdn and thus making the feature unusable in firefox.

This is fixed by adding "https://*.cx.metamask.io/" to the manifest file permissions.

Related issues

Fixes:

Manual testing steps

1. Install the extension in Firefox
2. Make sure that you have security alerts enabled.
3. Go to the test-dapp
4. Try a malicous transaction
5. You should see the This is a deceptive request.

Screenshots/Recordings

Before

After

Pre-merge author checklist

• I’ve followed MetaMask Coding Standards.
• I've completed the PR template to the best of my ability
• I’ve included tests if applicable
• I’ve documented my code using JSDoc format if applicable
• I’ve applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 67.46%. Comparing base (f5c0d84) to head (c478aa9).

Additional details and impacted files

@@           Coverage Diff            @@
##           develop   #23958   +/-   ##
========================================
  Coverage    67.46%   67.46%           
========================================
  Files         1244     1244           
  Lines        48777    48777           
  Branches     12724    12724           
========================================
  Hits         32907    32907           
  Misses       15870    15870           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[metamaskbot]

Builds ready [c478aa9]

• builds: chrome, firefox
• builds (beta): chrome
• builds (flask): chrome, firefox
• builds (MMI): chrome, firefox
• builds (test): chrome, firefox
• builds (test-flask): chrome, firefox
• build viz: Build System
• mv3: Background Module Init Stats
• mv3: UI Init Stats
• mv3: Module Load Stats
• mv3: Bundle Size Stats
• mv2: E2e Actions Stats
• code coverage: Report
• storybook: Storybook
• typescript migration: Dashboard
• all artifacts
• bundle viz:

  • background: 0, 1, 2, 3, 4, 5, 6
  • common: 0, 1, 2, 3, 4, 5, 6, 7, 8
  • content-script: 0
  • ui: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9

Page Load Metrics (295 ± 287 ms)

Platform	Page	Metric	Min (ms)	Max (ms)	Average (ms)	StandardDeviation (ms)	MarginOfError (ms)
Chrome	Home	firstPaint	83	388	123	64	31
		domContentLoaded	9	64	30	14	7
		load	70	2196	295	597	287
		domInteractive	9	64	30	14	7

Bundle size diffs

• background: 0 Bytes (0.00%)
• ui: 0 Bytes (0.00%)
• common: 0 Bytes (0.00%)