Validate shown and linkified `@`keys

[Martii]

Need at least scheme URL check validation for @homepageURL and @supportURL... otherwise don't link, don't show and/or do strip. A generic function something described like:

function validateURL(aString, [aProtocol, aProtocol, ...]) {

 // Some tests

  return;
}

... would be nice... or just sanitize it with whatever we end up using for that.

Affected Dependencies:

• Swap out simple-xss for sanitize-html #190 (deployed) May be needed for this issue
• Add support for only one last @supportURL, fix naming standardization, and such #189 (may need to be merged since we already have at least one hole... that way if someone wants to take it before I get back they don't have to do it more than once.)

[Martii]

Since no one took this over the weekend... including a fix in #189 ... closing.