Expose Itch object to HTML games using contextBridge

[jaredkrinke]

Fixes #2703

Basically, the "Itch" global wasn't getting exposed to my installed HTML5 game code when launched from the Itch app because of Electron's context isolation (it sounds like the existing code that modifies "global" used to work due to a bug in context isolation).

This change uses Electron's contextBridge.exposeInMainWorld function to expose the "Itch" global that is created in the (isolated) preload script.

I tested with two different HTML integration samples (which threw an "Itch is undefined" error before) to ensure that the "Itch" global (with API key) was exposed with this fix.

I observed this issue originally on Windows 10, and I only tested this change on Windows 10. I don't currently have access to any other operating systems.

EDIT: The following paragraph is about a different (but related) issue, that appears to be an Electron bug.

Having said that, neither of the samples appear to have API requests that actually work. The Itch documentation indicates that the "same origin policy" is disabled for HTML5 games launched from the app, but I saw CORS errors in the console. EDIT: The origin issue looks like it was a bug in Electron that was recently fixed (the Itch App code correctly sets webPreferences.webSecurity to false): electron/electron#23664

[jaredkrinke]

Update: the blocking Electron bug I mentioned (electron/electron#23664) was fixed in Electron 10.1.3. In the Itch app project, commit 8f45823 bumped the Electron version in the Itch app to 10.1.5. Theoretically, with this PR, the scenario should be unblocked (although I haven't had time to double-check yet).

[jaredkrinke]

I originally opened this bug in the "itch.io" project, but it seems like it belongs in the "itch" project instead (where this PR exists), so I opened a bug in this project to track: #2703