Status: Closed
Labels: bug (Something isn't working), team-wallet-framework (Deprecated: Please use `team-core-platform` instead.)
Description
Fix the following CodeQL security alerts:
- https://github.com/MetaMask/core/security/code-scanning/4
- https://github.com/MetaMask/core/security/code-scanning/5
Approach 1

Replace the flagged property assignments by returning an updated object in the enclosing `this.update()` call, or using `Object.assign` to mutate the state object. `Object.assign` and spread operator syntax are both safe to use for this purpose as they only enumerate "own" properties of object literals.

For an example of this approach, see: https://github.com/MetaMask/core/pull/3963/files#diff-1eb134c9c5a9dd0a4e4838f719ba67723f61fdacd8bfc1a9acef96366b7578fbR207-R236

Approach 2

Validate that the dynamic string property in question does not evaluate to `__proto__` before performing the assignment operation.
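The following is an added example, not code from MetaMask/core or from the linked PR, showing the `obj[key][field] = value` pattern that this kind of CodeQL alert flags alongside both remediation approaches from the issue. The `State` shape, the helper names, and the hostile sample input are assumptions made for the illustration. It goes slightly beyond the issue text in two places: the validation in Approach 2 also rejects `constructor` and `prototype` (since `obj.constructor.prototype` is the same object as `Object.prototype`), and the demo records what `Object.assign` does with a computed `__proto__` key so the difference from spread is visible.

```typescript
// Added example (not MetaMask/core code). `State`, the helper names and the
// constructed hostile input below are assumptions made for this illustration.

type Nested = Record<string, unknown>;
type State = Record<string, Nested>;

// Names through which a dynamic key can reach a shared prototype. The issue
// only names "__proto__"; "constructor" and "prototype" are rejected as well
// because obj.constructor.prototype === Object.prototype for plain objects.
const FORBIDDEN_KEYS: ReadonlySet<string> = new Set(["__proto__", "constructor", "prototype"]);

// Approach 2: validate the dynamic key before assigning through it.
export function assertSafeKey(key: string): void {
  if (FORBIDDEN_KEYS.has(key)) {
    throw new Error(`Refusing to assign through property "${key}"`);
  }
}

// The pattern CodeQL flags: obj[key][field] = value with an untrusted key.
// When key === "__proto__", state[key] resolves to Object.prototype (via the
// inherited accessor), so the inner assignment becomes Object.prototype[field] = value.
export function unsafeSetNested(state: State, key: string, field: string, value: unknown): void {
  if (state[key] === undefined) {
    state[key] = {};
  }
  state[key][field] = value;
}

// Approach 2 applied: the same mutation, but both keys are checked first.
export function validatedSetNested(state: State, key: string, field: string, value: unknown): void {
  assertSafeKey(key);
  assertSafeKey(field);
  unsafeSetNested(state, key, field, value);
}

// Approach 1: build a new object with spread instead of mutating through the
// dynamic key (the shape you would return from a this.update() callback).
// A computed key in an object literal always creates an *own* property, even
// when it is "__proto__", and spread copies only own enumerable properties,
// so Object.prototype is never touched.
export function setNestedBySpread(state: State, key: string, field: string, value: unknown): State {
  const existing = Object.prototype.hasOwnProperty.call(state, key) ? state[key] : {};
  return { ...state, [key]: { ...existing, [field]: value } };
}

// Runs each variant against a constructed state with a hostile key and reports
// whether Object.prototype was polluted, undoing the pollution after the unsafe case.
export function demonstrate(): {
  unsafePolluted: boolean;
  spreadPolluted: boolean;
  spreadOwnKey: boolean;
  assignPolluted: boolean;
  assignRewired: boolean;
  validatedThrew: boolean;
} {
  const hostileKey = "__proto__"; // constructed attacker-controlled key
  const probe = "polluted";       // field name used to detect pollution
  const isPolluted = (): boolean => probe in {}; // a fresh {} inherits from Object.prototype

  unsafeSetNested({ settings: {} }, hostileKey, probe, "owned");
  const unsafePolluted = isPolluted();
  delete (Object.prototype as unknown as Nested)[probe]; // undo so later checks are meaningful

  const next = setNestedBySpread({ settings: {} }, hostileKey, probe, "owned");
  const spreadPolluted = isPolluted();
  const spreadOwnKey =
    Object.prototype.hasOwnProperty.call(next, hostileKey) &&
    Object.getPrototypeOf(next) === Object.prototype;

  // Object.assign also leaves Object.prototype alone, but it copies with [[Set]],
  // so a computed "__proto__" key on the source hits the target's __proto__
  // setter and rewires that one object's prototype instead of adding an own key.
  const assigned = Object.assign({}, { [hostileKey]: { [probe]: "owned" } });
  const assignPolluted = isPolluted();
  const assignRewired = Object.getPrototypeOf(assigned) !== Object.prototype;

  let validatedThrew = false;
  try {
    validatedSetNested({ settings: {} }, hostileKey, probe, "owned");
  } catch {
    validatedThrew = true;
  }

  return { unsafePolluted, spreadPolluted, spreadOwnKey, assignPolluted, assignRewired, validatedThrew };
}
```

The `assignRewired` flag is the caveat worth keeping in mind when choosing between the two Approach 1 forms: neither one reaches `Object.prototype`, but `Object.assign` with a computed `__proto__` key changes the prototype of the object being assigned into, whereas spread leaves the prototype alone and stores an own property named `__proto__`.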