feat: add security warnings to sandboxed renderers (#14869)

Also refactor not to use the remote module.

lib/renderer/init.js

@@ -27,18 +27,6 @@ v8Util.setHiddenValue(global, 'ipc', new events.EventEmitter())
 // Use electron module after everything is ready.
 const { ipcRenderer } = require('electron')
 
-const {
-  warnAboutNodeWithRemoteContent,
-  warnAboutDisabledWebSecurity,
-  warnAboutInsecureContentAllowed,
-  warnAboutExperimentalFeatures,
-  warnAboutEnableBlinkFeatures,
-  warnAboutInsecureResources,
-  warnAboutInsecureCSP,
-  warnAboutAllowedPopups,
-  shouldLogSecurityWarnings
-} = require('@electron/internal/renderer/security-warnings')
-
 require('@electron/internal/renderer/web-frame-init')()
 
 // Process command line arguments.
@@ -168,23 +156,7 @@ for (const preloadScript of preloadScripts) {
 }
 
 // Warn about security issues
-window.addEventListener('load', function loadHandler () {
-  if (shouldLogSecurityWarnings()) {
-    if (nodeIntegration === 'true') {
-      warnAboutNodeWithRemoteContent()
-    }
-
-    warnAboutDisabledWebSecurity()
-    warnAboutInsecureResources()
-    warnAboutInsecureContentAllowed()
-    warnAboutExperimentalFeatures()
-    warnAboutEnableBlinkFeatures()
-    warnAboutInsecureCSP()
-    warnAboutAllowedPopups()
-  }
-
-  window.removeEventListener('load', loadHandler)
-})
+require('@electron/internal/renderer/security-warnings')(nodeIntegration === 'true')
 
 // Report focus/blur events of webview to browser.
 // Note that while Chromium content APIs have observer for focus/blur, they