Improve phishing controller state names

[Gudahtt]

The phishing controller state names are confusing at the moment, and they continue to use outdated terminology.

The phishing configuration lists still have some references to whitelist and blacklist, which are no longer used on the new configuration. We should update the default fallback configuration (or remove the fallback completely) so that these names are no longer referenced.

The local-only allowlist state is called whitelist as well, which makes it easily confused for the phishing configuration allowlist entries. We should rename it to something like localAllowlist, safelist, safeExceptions, etc. to make it more clear how it's different frrm the configuration.