Fix history state navigation security issue

[gitbugr]

Implements changes proposed in the following comment #1784 (comment) back in May, without the server-side header idea (not against it, though I thought it was out of scope for this, and I didn't want to touch more than I needed to.), and using window.sessionStorage instead of window.localStorage.

To summarise the comment and what this PR does

• Moves page cached history from being stored in window.history.state (which cannot be cleared, presenting a potential security issue if private information is stored in page props.), to window.sessionStorage, which lives for the lifetime of the tab (though most browsers ignore security concerns by allowing users to restore sessions..) and can be cleared in JS.
• Added a public method to the router, router.clearHistory(), for clearing history state.

Related tickets/pull-requests:

#1784
#247
#102

[gitbugr]

Not sure what's up with the tests, here, the error modal test fails, but when running locally with the gui they all pass?

I've got it. Was using crypto.randomUUID() which isn't compatable with the current cypress electron version.

[gitbugr]

I've added somewhat of a guard against using more than ~1MB (+/- the size of one Page - somewhat arbitrarily chosen. Max is 5MB, but inertia should never fill that and prevent devs from being able to use it themselves.) of session storage for history. Upon reaching > 1MB, will begin to shift items out of session storage to prevent unlikely but possible QUOTA_EXCEEDED_ERR mentioned in #1784 (comment).