* feat: enable world safe JS by default
* refactor: use the ctx bridge to send executeJavaScript results in a world safe way
* docs: add more info about the breaking change
* include default in IsEnabled check
* fix: do not throw if NativeImage conversion fails.
Throwing is an unannounced semver/major breaking change, so revert that
behavior but keep the rest of the #26546 refactor.
* test: add invalid icon test
* refactor: be explicit about when to throw or warn.
The call stack for one of our top crashes looks like this:
```
node::Abort (node_errors.cc:241)
node::Assert (node_errors.cc:256)
node::MakeCallback (callback.cc:226)
gin_helper::internal::CallMethodWithArgs (event_emitter_caller.cc:23)
gin_helper::EmitEvent<T> (event_emitter_caller.h:51)
gin_helper::EventEmitterMixin<T>::Emit<T> (event_emitter_mixin.h:81)
electron::api::DownloadItem::OnDownloadUpdated (electron_api_download_item.cc:115)
download::DownloadItemImpl::UpdateObservers (download_item_impl.cc:482)
content::DownloadManagerImpl::Shutdown (download_manager_impl.cc:508)
content::BrowserContext::~BrowserContext (browser_context.cc:476)
```
Full stack here: https://sentry.io/share/issue/9b030a0601b547188181b543c16ecda2/
During browser shutdown, the `DownloadManager` was being cleaned up
*after* the Node environment had already been destroyed. This caused the
`DownloadItem::OnDownloadUpdated` callback to crash when trying to emit
the JS `done` event.
To prevent this, we now manually shut down the `DownloadManager`
earlier. This is also mentioned in the comment on
`DownloadManager::Shutdown`:
```
// Shutdown the download manager. Content calls this when BrowserContext is
// being destructed. If the embedder needs this to be called earlier, it can
// call it. In that case, the delegate's Shutdown() method will only be called
// once.
```
* fix: prevent crash when destroyed widget receives keyboard event
Activating a key to close a window will cause a silent crash. Handling the keyboard
event will lead to a nullptr dereferenced in Chromium code if the window widget has
already been destroyed.
* test: ensure BrowserWindow doesn't crash from keyboard events during close
