
Add secure SVG rendering and usevectors flags #115

Merged
nmaguiar merged 3 commits into main from codex/implement-secure-svg-support
Mar 13, 2026

Contributor

@nmaguiar nmaguiar commented Mar 13, 2026

Motivation

  • Enable LLM-generated raw SVG output in the web UI while keeping execution risk low by using the browser image sandbox (data URI) and lightweight sanitization.
  • Provide a single meta-flag usevectors=true that enables both secure SVG output and existing Mermaid diagram guidance for convenient vector-enabled sessions.
  • Offer a defense-in-depth path for future interactive SVG upgrades (e.g., DOMPurify) while keeping the initial implementation dependency-free.

Description

  • Add two new flags: usesvg and usevectors across mini-a.yaml, mini-a.js, and mini-a-con.js, and make usevectors expand to usesvg=true and usediagrams=true when set.
  • Extend MiniA.buildVisualKnowledge() in mini-a.js to accept useSvg and include concise LLM guidance for emitting safe SVGs and checklist entries that prefer Mermaid when applicable.
  • Implement client-side SVG handling in public/index.md including preprocessSvgBlocks(), postprocessSvgBlocks(), sanitizeSvgContent(), and renderSvgBlocks() which sanitize raw SVG fences and render them as data:image/svg+xml;base64,... images inside a styled container.
  • Wire SVG preprocess/postprocess/render steps into the markdown render/update/history/stream/theme pipelines and document the two new flags in CHEATSHEET.md.

Testing

  • Ran git diff --check which reported no whitespace or diff-check issues.
  • Performed static syntax checks with node --check mini-a.js and node --check mini-a-con.js, both of which succeeded.
  • Attempted to start the web UI with ./mini-a-web.sh onport=8888 for runtime verification but the environment lacks ojob so the UI could not be launched here (manual web verification steps are provided in verification notes).
  • Basic integration points exercised locally: markdown preprocessing/postprocessing pipeline updates and theme/streaming re-render hooks were validated by running the code checks above.

@nmaguiar nmaguiar marked this pull request as ready for review March 13, 2026 04:54
@nmaguiar nmaguiar merged commit 7e64c60 into main Mar 13, 2026
@nmaguiar nmaguiar deleted the codex/implement-secure-svg-support branch March 13, 2026 04:55
@github-project-automation github-project-automation bot moved this from Backlog to Done in Continuous Enhancement Mar 13, 2026
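
The approach the description above outlines, lightweight sanitization followed by rendering through a base64 `data:image/svg+xml` URI in an image element, is illustrated below as an added example for Node.js. It is not code from mini-a or from this pull request; the function names, the size cap and the sample input are assumptions.

```javascript
// Added illustration for Node.js; not mini-a's implementation.
// Function names, the size cap and SAMPLE_SVG are assumptions.
const MAX_SVG_BYTES = 256 * 1024;
const RISKY = "script|foreignObject|iframe|object|embed";

// Constructed input: a handler, a script element, a javascript: link,
// and one harmless same-document reference that should survive.
const SAMPLE_SVG = `<svg xmlns="http://www.w3.org/2000/svg" width="40" height="40" onload="alert(1)">
  <script>alert(2)</script>
  <a href="javascript:alert(3)"><circle cx="20" cy="20" r="10"/></a>
  <use href="#dot"/>
</svg>`;

function sanitizeSvgExample(raw) {
  const svg = String(raw).trim();
  if (Buffer.byteLength(svg, "utf8") > MAX_SVG_BYTES) return null;
  // Accept only a single <svg>...</svg> document; refuse DTD/entity tricks.
  if (!/^<svg[\s>]/i.test(svg) || !/<\/svg>$/i.test(svg)) return null;
  if (/<!DOCTYPE|<!ENTITY/i.test(svg)) return null;
  return svg
    // Elements that can carry script or arbitrary HTML (paired, then stray tags).
    .replace(new RegExp(`<(${RISKY})\\b[\\s\\S]*?<\\/\\1\\s*>`, "gi"), "")
    .replace(new RegExp(`<\\/?(${RISKY})\\b[^>]*>`, "gi"), "")
    // Inline event handlers such as onload= or onclick=.
    .replace(/\son[a-z]+\s*=\s*("[^"]*"|'[^']*'|[^\s>]+)/gi, "")
    // href / xlink:href values other than same-document "#id" fragments.
    .replace(/\s(?:xlink:)?href\s*=\s*("(?!#)[^"]*"|'(?!#)[^']*'|(?!["'#])[^\s>]+)/gi, "");
}

function svgToImgTag(raw) {
  const clean = sanitizeSvgExample(raw);
  if (clean === null) return null;
  // Base64 output contains no quotes or angle brackets, so it is safe
  // to place inside the double-quoted src attribute.
  const b64 = Buffer.from(clean, "utf8").toString("base64");
  return `<img alt="SVG diagram" src="data:image/svg+xml;base64,${b64}">`;
}
```

Browsers render SVG loaded through an `img` element without running its scripts or fetching external resources, so the regex pass here is a second layer and would not be sufficient on its own for SVG inlined into the DOM. In a browser, `btoa` over the UTF-8 bytes takes the place of `Buffer`.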