fix(email-preview): use allow-same-origin sandbox so contentDocument is accessible (NPPD-1525)

With sandbox="" the iframe is treated as a unique opaque origin, making
contentDocument null. The onLoad handler returned early and never set
isReady, leaving the spinner visible indefinitely. allow-same-origin is
safe here because allow-scripts is not set.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: kmwilkerson

src/wizards/newspack/views/settings/emails/email-preview.tsx

@@ -161,7 +161,7 @@ const EmailPreview: React.FC< EmailPreviewProps > = ( { postId } ) => {
 					ref={ iframeRef }
 					className="newspack-email-preview__iframe"
 					srcDoc={ html }
-					sandbox=""
+					sandbox="allow-same-origin"
 					tabIndex={ -1 }
 					title="Email preview"
 					onLoad={ handleIframeLoad }