fix(front-end): add more security fixes for formatted lists and notifier

- introduce html escape function
- escape message content in notifier plugin
- escape user name in ConversationListItem
- escape user name in the Event EditView contacts section
- display user summary as plain text in ActorCard

Signed-off-by: Thomas Citharel <tcit@tcit.fr>

src/plugins/notifier.ts

@@ -1,3 +1,4 @@
+import { escapeHtml } from "@/utils/html";
 import { App } from "vue";
 
 export class Notifier {
@@ -21,7 +22,7 @@ export class Notifier {
 
   private notification(message: string, type: string) {
     this.app.config.globalProperties.$oruga.notification.open({
-      message,
+      message: escapeHtml(message),
       duration: 5000,
       position: "bottom-right",
       type,