
fix: clear sensitive state on lock and flag IDN origins #171

Open
alez04 wants to merge 4 commits into dev from hardening/autolock-idn



@alez04 alez04 commented Jun 2, 2026

Member

Summary

  • On wallet lock, immediately zero revealedSeed, passphraseInput, and
    close the reveal-seed and passphrase-prompt drawers in manage-accounts.tsx.
    dapp-approval-drawer.tsx already tracked lock state; it now also clears
    passphrase in the same effect.
  • Added hasIdnHostname utility that detects xn-- punycode or non-ASCII
    characters in a parsed hostname. A shared IdnWarningBadge component renders
    an amber pill below the origin in the dApp approval drawer and the
    connected-sites settings page.

Test plan

  • Open the reveal-seed drawer, wait for (or trigger) auto-lock — drawer
    closes and seed is cleared before the /unlock redirect
  • Open the dApp approval popup with a signing request, trigger lock —
    passphrase field clears and drawer closes
  • Existing lock → redirect to /unlock flow still works normally
  • Load a dApp approval request from an xn-- origin — amber
    "Internationalized domain" badge appears below the origin
  • Same badge appears on the connected-sites page for any IDN origin
  • ASCII-only origins show no badge

alez04 force-pushed the hardening/autolock-idn branch from 8b466df to 62e88de, June 2, 2026 14:07
alez04 requested a review from sallymoc, June 2, 2026 14:09
alez04 changed the title from "security: clear sensitive state on lock and flag IDN origins" to "fix: clear sensitive state on lock and flag IDN origins", Jun 2, 2026
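
The IDN check described in the summary above, sketched as an added example that is not the PR's code. The names `hostnameIsIdn` and `classifyOrigin` and the sample origins are constructed for illustration. It matches `xn--` only at the start of a label and reports unparseable origins separately, so the caller can decide how to render them.

```typescript
// Added example, not the PR's implementation. Names are hypothetical.
type OriginClass = "ascii" | "idn" | "invalid";

// True when any dot-separated label is an A-label (begins with "xn--",
// case-insensitive) or the hostname still contains non-ASCII characters.
// Anchoring on a label boundary avoids flagging hosts such as
// "fooxn--bar.example", which merely contain the substring.
function hostnameIsIdn(hostname: string): boolean {
  if (/[^\x00-\x7f]/.test(hostname)) return true;
  return /(^|\.)xn--/i.test(hostname);
}

// Classify a full origin string. The WHATWG URL parser converts Unicode
// hostnames to their punycode form, so after parsing it is normally the
// "xn--" label check that fires; the non-ASCII check covers hostnames
// that reach hostnameIsIdn without having gone through URL.
function classifyOrigin(origin: string): OriginClass {
  let host: string;
  try {
    host = new URL(origin).hostname;
  } catch {
    return "invalid"; // not a parseable absolute URL
  }
  return hostnameIsIdn(host) ? "idn" : "ascii";
}

// Constructed sample origins covering the test-plan cases.
const samples: string[] = [
  "https://xn--bcher-kva.example", // punycode label
  "https://bücher.example",        // Unicode input, normalised by URL
  "https://wallet.example",        // ASCII only
];
for (const s of samples) console.log(s, "->", classifyOrigin(s));
```
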