Use MessageSender.origin to check if sender is one of eligible clients.

When an extension message is received, we check `MessageSender.id` to
disallow requests from unknown clients.  Unfortunately,
`MessageSender.id` is currently not trustworthy (issue 982361) and
therefore this CL switches to using `MessageSender.origin` instead.

Bug: 10321587
Change-Id: I25e94ff9fafb9aaca4d1b8f933ef472f58cd2c3c
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2031664Reviewed-by: Naoki Fukino <fukino@chromium.org>
Commit-Queue: Łukasz Anforowicz <lukasza@chromium.org>
Cr-Commit-Position: refs/heads/master@{#737822}

ui/file_manager/file_manager/background/js/background.js

@@ -349,7 +349,7 @@ class FileBrowserBackgroundImpl extends BackgroundBase {
    * @param {MessageSender} sender
    */
   onExternalMessageReceived_(message, sender) {
-    if ('id' in sender && sender.id === GPLUS_PHOTOS_APP_ID) {
+    if ('origin' in sender && sender.origin === GPLUS_PHOTOS_APP_ORIGIN) {
       importer.handlePhotosAppMessage(message);
     }
   }
@@ -529,7 +529,8 @@ function registerDialog(dialogWindow) {
 }
 
 /** @const {!string} */
-const GPLUS_PHOTOS_APP_ID = 'efjnaogkjbogokcnohkmnjdojkikgobo';
+const GPLUS_PHOTOS_APP_ORIGIN =
+    'chrome-extension://efjnaogkjbogokcnohkmnjdojkikgobo';
 
 /**
  * Singleton instance of Background object.