Use URL origin instead of hostname for permission domains

[rekmarks]

window.location.hostname -> window.location.origin

We should include the protocol and port in permission domain origin strings, because they can point to completely different entities.

[metamaskbot]

Builds ready [74438ea]

• builds: chrome, firefox, opera
• bundle viz: background, ui, inpage, contentscript, ui-libs, bg-libs, phishing-detect
• dep viz: background
• all artifacts

Page Load Metrics (592 ± 53 ms)

Platform	Page	Metric	Min (ms)	Max (ms)	Average (ms)	StandardDeviation (ms)	MarginOfError (ms)
Chrome	Home	firstPaint	30	92	39	13	6
		domContentLoaded	365	724	590	111	53
		load	366	725	592	111	53
		domInteractive	364	723	590	111	53

[Gudahtt]

We should update the phishing controller to expect an origin rather than a hostname as well, as it doesn't really make sense to apply those same phishing lists to protocols not tied to DNS. So it'll need to be a little smarter. That can wait for another time though.

[metamaskbot]

Builds ready [2a0265c]

• builds: chrome, firefox, opera
• bundle viz: background, ui, inpage, contentscript, ui-libs, bg-libs, phishing-detect
• dep viz: background
• all artifacts

Page Load Metrics (692 ± 81 ms)

Platform	Page	Metric	Min (ms)	Max (ms)	Average (ms)	StandardDeviation (ms)	MarginOfError (ms)
Chrome	Home	firstPaint	32	90	48	15	7
		domContentLoaded	373	987	690	169	81
		load	375	988	692	169	81
		domInteractive	373	986	690	169	81

[Gudahtt]

LGTM!

[Gudahtt]

It would be nice to hide the "default" protocols and ports, so that our current designs effectively don't change. e.g. hide HTTPS and default ports. But that can be a separate PR.