fix(registry): Prevent prototype polluting

From CodeQL:
> Most JavaScript objects inherit the properties of the built-in Object.prototype object. Prototype pollution is a type of vulnerability in which an attacker is able to modify Object.prototype.
> Since most objects inherit from the compromised Object.prototype object, the attacker can use this to tamper with the application logic, and often escalate to remote code execution or cross-site scripting.

To fix the problem, we need to ensure that the `appId` cannot be used to modify the `Object.prototype`.

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>

Author: susnux

lib/registry.ts

@@ -76,6 +76,9 @@ export function registerAppTranslations(
 	translations: Translations,
 	pluralFunction: PluralFunction,
 ) {
+	if (appId === '__proto__' || appId === 'constructor' || appId === 'prototype') {
+		throw new Error('Invalid appId');
+	}
 	window._oc_l10n_registry_translations = Object.assign(
 		window._oc_l10n_registry_translations || {},
 		{