Only receives window messages from the parent window (aka `this.source`)

[real2two]

Added a check to see if the event source (event.source) is the source/parent (this.source`) frame. This prevents DiscordSDK from picking from window messages from child iframes (iframes within the activity iframe).

If you were to run this code snippet within an iframe in a Discord activity's iframe, DiscordSDK would pick it up on the handleMessage function:

(window.parent.opener ?? window.parent).postMessage("custom value", "*");

The result of executing the following script above in a (sandboxed) iframe within the activity iframe:

This is something you wouldn't want to allow if you're displaying arbitrary iframes with user-generated content in your Discord activity, so I added a if (event.source !== this.source) return; under this code segement:

https://github.com/discord/embedded-app-sdk/blob/2cb879af80535b87d4a80cd98597f8ce3062f1cc/src/Discord.ts#L275-L276

I haven't fully tested this change and don't know if there's any unintended side-effects of it, but this change seems to be working for me currently.