feat: enable security alerts api

[vinistevam]

Description

This PR aims to enable the Security Alerts API. The environment variable SECURITY_ALERTS_API_ENABLED will be maintained and removed in a separate PR in a future release.
There is a fallback mechanism that uses the local PPOM to validate the request in the case of an issue with the API. This safeguard is designed to prevent any disruption or impact on the user experience.

Related issues

Fixes: https://github.com/MetaMask/MetaMask-planning/issues/2516

Manual testing steps

• Go to test dapp and trigger one of the malicious signatures
• To verify in Chrome go to dev tools > network. Search for security-alerts and find the call to the API service.

Screenshots/Recordings

test-security-alerts-api.webm

Before

After

Pre-merge author checklist

• I've followed MetaMask Contributor Docs and MetaMask Extension Coding Standards.
• I've completed the PR template to the best of my ability
• I’ve included tests if applicable
• I’ve documented my code using JSDoc format if applicable
• I’ve applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[sleepytanya]

PPOM on Ethereum works as expected.
BNB - Malicious Transfer (USDC) is not flagged
Avalanche - Malicious Set Approval for All and Sign Permit are not flagged
zkSync - Malicious Permit, Malicious Seaport, Sign Permit, Malicous Permit with Padded ChainID - are not flagged (some of them could be ignored as they are not supported on zkSync yet?)

[metamaskbot]

Builds ready [93bfff7]

• builds: chrome, firefox
• builds (beta): chrome
• builds (flask): chrome, firefox
• builds (MMI): chrome, firefox
• builds (test): chrome, firefox
• builds (test-flask): chrome, firefox
• build viz: Build System
• mv3: Background Module Init Stats
• mv3: UI Init Stats
• mv3: Module Load Stats
• mv3: Bundle Size Stats
• mv2: E2e Actions Stats
• code coverage: Report
• storybook: Storybook
• typescript migration: Dashboard
• all artifacts
• bundle viz:

  • background: 0, 1, 2, 3, 4, 5, 6
  • common: 0, 1, 10, 11, 2, 3, 4, 5, 6, 7, 8, 9
  • content-script: 0
  • offscreen: 0
  • ui: 0, 1, 10, 11, 12, 2, 3, 4, 5, 6, 7, 8, 9

Page Load Metrics (2120 ± 230 ms)

Platform	Page	Metric	Min (ms)	Max (ms)	Average (ms)	StandardDeviation (ms)	MarginOfError (ms)
Chrome	Home	firstPaint	357	3182	1781	712	342
		domContentLoaded	1610	2896	2076	443	213
		load	1621	3205	2120	480	230
		domInteractive	20	146	49	33	16
		backgroundConnect	8	309	41	64	31
		firstReactRender	48	371	134	83	40
		getState	5	67	22	22	11
		initialActions	0	1	0	0	0
		loadScripts	1186	2199	1560	363	174
		setupStore	10	162	40	38	18
		uiStartup	1817	3826	2451	617	296

Bundle size diffs [🚨 Warning! Bundle size has increased!]

• background: 730 Bytes (0.02%)
• ui: 0 Bytes (0.00%)
• common: 0 Bytes (0.00%)