Tests #48453

While reading through the documentation I stumbled over https://github.com/Microsoft/vscode-docs/blob/vnext/docs/extensions/webview.md#do-not-trust-messages-received-from-webviews which outlines the problem however doesn't provides any reasonable solution.

@alexandrudima and I brain stormed over lunch a little and we should try to make this more secure. An idea is:

• since the web view sends messages JS must be enabled
• the script should contain and 'active' or 'init' method which we try to call. Not sure how to actually do this. May be we need to inject something into the provided html using a template marker.
• the method should take a context which offers method to send and receive message (we will not use the global window properties)
• the methods uses tokens to ensure that on the receiving side we know that the message came from the right sender.
• we capture the postMessage function and check before we call it to ensure no one tempers with that function (for example to spy on the token we use).

The provider of the web view can still leak the context. However if he does so it is his fault since the communication didn't rely on global available functions available to everyone.