fix: filter all requests not just xhr, all requests are potentially harmfull (can spy on the user via header, etc...)

[peter-sanderson]

If we got somehow code injection like this, it will get through as the request-filter.ts only check for xhr requests.

Asset loading can be potentially harmful as well. It can be utilized for

1. Spying on the user with headers
2. Showing scams and phishing
3. ... and probably more

ALL requests suite does shall be subject to the whitelisting to reduce the attack vector.

For QA

• this may break some asset loading we have in case we are not whitelisting it
• I assume that something like fiat-rates, coin logos, etc... may be affected by this

Related to: #7171

[Lemonexe]

LGTM

• Briefly looking at tokens and invity, I didn't come across any blocked asset (no log in console) ✔️
• I did not succeed at displaying cat ✔️

[peter-sanderson]

/rebase

[github-actions]

Start rebasing: https://github.com/trezor/trezor-suite/actions/runs/12688614150

[bosomt]

QA OK

• logos OK
• guide OK
• trade OK
• appstores icons OK
• DCA section OK
• ETH tokens OK

Info:

• Suite version: desktop 25.2.0 (28f0437)
• Browser: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) TrezorSuiteDev/25.2.0 Chrome/128.0.6613.186 Electron/32.2.6 Safari/537.36
• OS: MacIntel
• Screen: 1512x982
• Device: Trezor T3T1 2.8.7 regular (revision 8a254aa8eae82f99630df63f40e4d290066a3efc)
• Transport: BridgeTransport 2.0.33