Use MessageSender.origin to check if message came from first-run-dialog.

When an extension message is received, we check `MessageSender.id` to
disallow requests from unknown clients.  Unfortunately,
`MessageSender.id` is currently not trustworthy (issue 982361) and
therefore this CL switches to using `MessageSender.origin` instead.

Bug: 10321587
Change-Id: I3cc65cb4105cfc8caf0f98f5cd42cec5dacca4a3
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2035864Reviewed-by: David Tseng <dtseng@chromium.org>
Commit-Queue: Łukasz Anforowicz <lukasza@chromium.org>
Cr-Commit-Position: refs/heads/master@{#738206}

chrome/browser/resources/chromeos/accessibility/chromevox/background/command_handler.js

@@ -1353,10 +1353,10 @@ CommandHandler.onEditCommand_ = function(command) {
  */
 CommandHandler.init = function() {
   ChromeVoxKbHandler.commandHandler = CommandHandler.onCommand;
-  const firstRunId = 'jdgcneonijmofocbhmijhacgchbihela';
+  const firstRunOrigin = 'chrome-extension://jdgcneonijmofocbhmijhacgchbihela';
   chrome.runtime.onMessageExternal.addListener(function(
       request, sender, sendResponse) {
-    if (sender.id != firstRunId) {
+    if (sender.origin != firstRunOrigin) {
       return;
     }