Add code to debug an error [1] triggered during an effect in the
`ThreadList` component.

When the effect is run, an attempt to get a reference to a DOM node
rendered by the component using `getElementById` is failing. This could
be because:

 - The component has been unmounted (I didn't think effects could run
   after unmounting, but I'm not certain)
 - The component has been rendered but the DOM has not yet been attached
   to the document
 - The `visibleThreads` value captured by the effect does not match the
   most recently rendered output.

I couldn't reproduce the issue locally. The debugging code added here
should narrow down which of these is happening.

[1] https://sentry.io/organizations/hypothesis/issues/2554918407/

`CrossFrame#call|onConnect|on` are proxies of
`Bridge#call|onConnect|on`.

Instead of duplicating the documentation of `Bridge` methods on
`CrossFrame` we use a `@see`.

We reserve default exports only to Preact components.

The documentation for the `on` and `call` are documented identically as
in the `Bridge` class and use the same nomenclature.

We previously implemented a custom confirm dialog for use in browsers
which disallow use of `window.confirm` in cross-origin iframes (Chrome 9x) but
kept `window.confirm` in other browsers while the design of the new
dialogs was polished.

The polishing has now been done, so this commit switches all confirm
dialogs to use the new dialogs. This makes the experience look better
and be consistent across browsers.

No functional change.

The added type has surfaced that `iframe.contentDocument` could be
`null`. This was no considered before. I didn't deviated from the
original behaviour and I casted the value. If in the future we found
issues we should see those in the Sentry reports.

Add information to Sentry error reports about what JavaScript files were
included on the page.

I have a hypothesis that Sentry issues like
https://sentry.io/organizations/hypothesis/issues/2528337318/events/e176f165836149b99d439fa71e69453c/?project=69811&query=is%3Aunresolved
might be caused by unwanted `<script>` tags injected by extension or the browser.
We try to block most unexpected scripts using strict
Content-Security-Policy settings, but extension and custom
browser-injected scripts may be able to bypass this.

Remove the query-string dependency and disallow use of Browserify's
querystring package. Going forwards all query string construction and
parsing should be done with URLSearchParams.

Replace remaining use of query-string dependency with the
URLSearchParams browser API. This will allow us to remove the
dependency.

Wherever the client calls `Response.json()` it should handle the
scenario where the body is empty.

Refactor a lengthy promise chain in the function that executes API
calls to use async/await instead, to make it easier to follow the
control flow.

Implemented an internal flag in the `AnnotationSync` class that keeps
track of whether destroy has been called. When the `AnnotationSync` is
destroyed, messages from the sidebar are ignored.

In addition, we have made the bridge handlers to return `undefined` for
the results because they are not used in the reciprocal bridge channel.

`guestConfig` was not used, so I deleted it.

Improved text descriptions specifying the origin of the events.

`CrossFrame` created an emitter and wrapped the `subscribe` and
`publish` methods into two functions that were passed as arguments to
the `AnnotationSync`'s constructor.

A simpler and more direct approach is to pass the event bus directly to
`AnnotationSync`.

The previous version stated that it aimed to match the behavior of the
`query-string` package but it was actually tested against Node's
`querystring` package, which has slightly different behavior for this
edge case. It omits parameters with `undefined` values and renders empty
parameters for `null` values.

The notebook view was calling `api.search({ uri: undefined, ... })` and
this translated to `/api/search?uri=&...` which caused an error.

Omit parameters instead in this case.

The Notebook view failed to show results because the parameters passed
to the API search call included `{ uri: undefined }` and the logic for
serializing parameters failed to handle this, so the search API call was
not made.

This commit makes the handling of nullish values in API method calls
match the previous behavior and adds a test.

This is a step towards eliminating a dependency in favor of a native
browser API.

Replace this dependency with a native browser API which we can now use.

Bumps [axe-core](https://github.com/dequelabs/axe-core) from 4.3.1 to 4.3.2.
- [Release notes](https://github.com/dequelabs/axe-core/releases)
- [Changelog](https://github.com/dequelabs/axe-core/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/dequelabs/axe-core/compare/v4.3.1...v4.3.2)

---
updated-dependencies:
- dependency-name: axe-core
  dependency-type: direct:development
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>

Bumps [commander](https://github.com/tj/commander.js) from 8.0.0 to 8.1.0.
- [Release notes](https://github.com/tj/commander.js/releases)
- [Changelog](https://github.com/tj/commander.js/blob/master/CHANGELOG.md)
- [Commits](https://github.com/tj/commander.js/compare/v8.0.0...v8.1.0)

---
updated-dependencies:
- dependency-name: commander
  dependency-type: direct:development
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>

Bumps [eslint](https://github.com/eslint/eslint) from 7.31.0 to 7.32.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v7.31.0...v7.32.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>

Bumps [@octokit/rest](https://github.com/octokit/rest.js) from 18.7.1 to 18.7.2.
- [Release notes](https://github.com/octokit/rest.js/releases)
- [Commits](https://github.com/octokit/rest.js/compare/v18.7.1...v18.7.2)

---
updated-dependencies:
- dependency-name: "@octokit/rest"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>

Bumps [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env) from 7.14.8 to 7.14.9.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.14.9/packages/babel-preset-env)

---
updated-dependencies:
- dependency-name: "@babel/preset-env"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>

Bumps [core-js](https://github.com/zloirock/core-js) from 3.15.2 to 3.16.0.
- [Release notes](https://github.com/zloirock/core-js/releases)
- [Changelog](https://github.com/zloirock/core-js/blob/master/CHANGELOG.md)
- [Commits](https://github.com/zloirock/core-js/compare/v3.15.2...v3.16.0)

---
updated-dependencies:
- dependency-name: core-js
  dependency-type: direct:development
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>

Bumps [sass](https://github.com/sass/dart-sass) from 1.36.0 to 1.37.0.
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sass/dart-sass/compare/1.36.0...1.37.0)

---
updated-dependencies:
- dependency-name: sass
  dependency-type: direct:development
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>

Bumps [aws-sdk](https://github.com/aws/aws-sdk-js) from 2.953.0 to 2.958.0.
- [Release notes](https://github.com/aws/aws-sdk-js/releases)
- [Changelog](https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js/compare/v2.953.0...v2.958.0)

---
updated-dependencies:
- dependency-name: aws-sdk
  dependency-type: direct:development
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>

Suppress various errors that can occur due to transient network issues
or unusual or old browsers. This helps improve the signal-to-noise ratio
of reports in Sentry.

Some of the transient network errors could be caught and handled more gracefully.
However for the moment suppressing them will allow us to focus on more
important crashes.

Extracted from https://github.com/hypothesis/client/pull/3589

Add a test case for tall iframes where the height of the frame is set to
match the document height. This mimics how the new VitalSource Bookshelf
reader presents book content. See
https://github.com/hypothesis/client/issues/3590#issuecomment-886229080

mustache-express caches templates by default unless Express's `view
cache` option is explicitly set to `false`, as opposed to merely being
unset. This is not mentioned in the documentation :(

I debated whether to replace the mustache-express dependency with a
custom integration. mustache-express does provide support for partials
though which might be useful in future. For future reference, rendering
templates without this dependency would look like:

```js
app.engine('mustache', async (filePath, options, callback) => {
  try {
    const template = await fsPromises.readFile(filePath, {
      encoding: 'utf8',
    });
    const rendered = Mustache.render(template, options);
    callback(null, rendered);
  } catch (err) {
    callback(err);
  }
});
```

The test happened to work without it, but the parameter is ostensibly
required.