Warn users to only add custom networks that they trust

[rekmarks]

Adds a warning to the custom RPC form warning users to only add networks that they trust.
Copy is up for debate. Currently:

A malicious Ethereum network provider can lie about the state of the blockchain and record your network activity. Only add custom networks you trust.

Also gives the poor settings page sub-header some breathing room via top/bottom padding. It's only used in the custom RPC form.

Fixes #8667

Screenshot (old copy)

[rekmarks]

cc: @jakehaugen

[metamaskbot]

Builds ready [1d7ebf4]

• builds: chrome, firefox, opera
• bundle viz: background, ui, inpage, contentscript, ui-libs, bg-libs, phishing-detect
• dep viz: background
• all artifacts

Page Load Metrics (583 ± 16 ms)

Platform	Page	Metric	Min (ms)	Max (ms)	Average (ms)	StandardDeviation (ms)	MarginOfError (ms)
Chrome	Home	firstPaint	28	38	32	3	2
		domContentLoaded	445	615	582	33	16
		load	447	616	583	33	16
		domInteractive	445	614	581	33	16

[metamaskbot]

Builds ready [1d7ebf4]

• builds: chrome, firefox, opera
• bundle viz: background, ui, inpage, contentscript, ui-libs, bg-libs, phishing-detect
• dep viz: background
• all artifacts

Page Load Metrics (648 ± 39 ms)

Platform	Page	Metric	Min (ms)	Max (ms)	Average (ms)	StandardDeviation (ms)	MarginOfError (ms)
Chrome	Home	firstPaint	31	86	41	15	7
		domContentLoaded	356	759	646	80	38
		load	358	761	648	80	39
		domInteractive	356	759	645	80	38

[Gudahtt]

I'm not sure about the copy; "record your on-chain activity" is decidedly innocuous, since on-chain activity is public anyway.

This goes beyond recording on-chain activity. The RPC endpoint would see all messages, many of which don't result in on-chain activity. It would also see your IP address, letting it correlate activity from different accounts sharing the same IP.

I'm not sure how to best word this, but those seem like the real threats to me - not on-chain activity. I'll see if I can think of an alternate wording.

[rekmarks]

@Gudahtt, yeah, it's a bit thorny because I doubt most users have any idea of the kinds of network activity going on.

How about "record your Ethereum-related activity"? Or "Ethereum-related network traffic"?

I was thinking about "read" instead of "record" also, but I'm concerned users might take it to imply that they can read private data.

Edit: Where we define "private" as e.g., your keys or something.

[Gudahtt]

The RPC endpoint could also lie about the current state of the blockchain. That could be used to do sneaky things.

[Gudahtt]

LGTM!

[metamaskbot]

Builds ready [2103d50]

• builds: chrome, firefox, opera
• bundle viz: background, ui, inpage, contentscript, ui-libs, bg-libs, phishing-detect
• dep viz: background
• all artifacts

Page Load Metrics (697 ± 32 ms)

Platform	Page	Metric	Min (ms)	Max (ms)	Average (ms)	StandardDeviation (ms)	MarginOfError (ms)
Chrome	Home	firstPaint	34	88	44	12	6
		domContentLoaded	538	853	695	67	32
		load	540	855	697	67	32
		domInteractive	538	852	694	67	32