Missing ^ Line Beginner Leads to Origin Spoofing
High
MetaMask
Team Summary
Official summary from MetaMask
@pkkr identified a vulnerability in MetaMask’s regex-based origin validation for endowments. Due to a missing caret (^) anchor at the beginning of the regex pattern in the createOriginRegExp function, origin spoofing was possible. This oversight allowed malicious domains like maliciousmetamask.io to be treated as trusted if the intended rule was to trust metamask.io. This issue could have led to unauthorized interactions with trusted Snaps, bypassing intended security restrictions. We appreciate @pkkr for identifying this flaw and helping us improve MetaMask’s security.
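The anchoring flaw described in the summary, shown as an added JavaScript example that is not MetaMask's own code. The helper names and the end-anchor-only shape of the flawed pattern are assumptions made for illustration; only metamask.io and maliciousmetamask.io come from the report.

```javascript
// Added illustration; hypothetical helpers, not MetaMask's createOriginRegExp.

// Escape regex metacharacters so the allowed value is matched literally.
function escapeRegExp(value) {
  return value.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Assumed shape of the flawed check: end anchor only, no leading ^.
// Any input that merely ends with the allowed value passes.
function createUnanchoredMatcher(allowed) {
  return new RegExp(`${escapeRegExp(allowed)}$`, 'u');
}

// Hardened form: anchored at both ends, so the whole input must equal the rule.
function createAnchoredMatcher(allowed) {
  return new RegExp(`^${escapeRegExp(allowed)}$`, 'u');
}

// Run both matchers over candidate values and report where they disagree.
function compareMatchers(allowed, candidates) {
  const loose = createUnanchoredMatcher(allowed);
  const strict = createAnchoredMatcher(allowed);
  return candidates.map((candidate) => ({
    candidate,
    unanchored: loose.test(candidate),
    anchored: strict.test(candidate),
  }));
}

// Constructed sample input; the first two values are the ones named in the summary.
const results = compareMatchers('metamask.io', [
  'metamask.io',          // the trusted value itself
  'maliciousmetamask.io', // trusted value as a suffix: the spoofing case
  'metamask.io.example',  // trusted value as a prefix: caught by the $ anchor
  'metamaskXio',          // caught only because the dot is escaped
]);
console.table(results);
```

A regression test for an allowlist matcher of this kind should include at least one prefixed and one suffixed variant of every trusted value, since each anchor guards only one end of the string.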
Reported by
pkkr
Report Details
Additional information and metadata
State
Closed
Substate
Resolved