added sandbox attribute with same origin and allow scripts

[AKApumkin]

the sandbox attribute with specified parameters can help increase security by not allowing outside script injection through Iframes, also it will mean that it passes most security scans as iframes without the sandbox attribute always get flagged.

[EranGrin]

Quite interesting, I'll consider this feat for https://www.npmjs.com/package/botman-extended-web-widget

[EranGrin]

I have added a configuration props to pass any sandbox attribute to the iframe on release v1.2.8 of the extended-web-widget