refactor: win.webContents.executeJavaScript(src) to use promises

[matthewmueller]

This should allow us to remove the javascript.js and enable context isolation for better security.

docs: https://electronjs.org/docs/api/web-contents#contentsexecutejavascriptcode-usergesture-callback