fix(share-embed): rewrite permalink URL origin to browsing origin

Sharing an embed code on docker-light produced an iframe pointing at the
internal container hostname:

  <iframe src="http://superset-light:8088/superset/explore/p/<key>/?...">

Anyone copying that iframe outside the container network gets a broken
embed.

Root cause is upstream: the permalink endpoints build the URL with
`url_for(..., _external=True)`, which uses Flask's `request.host_url`.
With `ENABLE_PROXY_FIX=False` (default) or any proxy that doesn't pass
`X-Forwarded-Host`, that's the internal hostname Flask saw — not the
user's browsing origin.

Fix is frontend-only and deployment-agnostic. New helper
`rewritePermalinkOrigin` replaces the URL's origin with
`window.location.origin`, preserving path + query + hash so the
subdirectory prefix survives. `resolvePermalinkUrl` calls it on the
non-embedded branch (chart and dashboard permalinks both flow through
here). Embedded-mode path is unchanged: the host SDK's Switchboard
callback is the authoritative override there, and the iframe's origin
is not necessarily reachable from where the user will paste the embed.

Defensive guards:
- Falsy `window.location.origin` (some test stubs replace `location`
  with `{ href: '' }`) returns input unchanged rather than emitting
  `"undefined/..."`.
- `new URL()` throw (relative path, garbage) returns input unchanged.

Pin the new behaviour with 5 cases in `urlUtils.test.ts` (docker-light
repro, query+hash preservation, same-origin no-op, unparseable input,
missing origin). 78 tests across `urlUtils`, `EmbedCodeContent`,
`ShareMenuItems`, and dashboard `Header` suites stay green.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>