Safety: intercept window.nostr events

To make sure a hypernote page doesn't do shitty stuff with an npub, we should ideally "scope" permissions per npub route. So the npub is the "domain" and they authorize that, but if they go to another domain they don't? That still might not be safe enough idk.