Security hardening: YMetrika and Embed

[tmshv]

Problems

1. dangerouslySetInnerHTML in YMetrika — src/components/YMetrika/index.tsx
   Script string is built via template literal interpolation. Migrate to Next.js <Script> component with strategy="afterInteractive". Remove HTML comments from inside the script body.

2. Iframe Embed without sandbox — src/components/Embed/index.tsx:17-23
<iframe> renders arbitrary src from MDX without restrictions. Add security attributes:

   <iframe
     src={props.src}
     sandbox="allow-scripts allow-same-origin"
     loading="lazy"
     style={{ border: 'none' }}
   />

   Also remove deprecated frameBorder attribute.