Use SecureQLabel for message previews

[emkll]

Description

Fixes #706 , ensures the message previews are properly escaped. Reply previews are also escaped.

before:

after:

Test Plan

• Build a deb on this branch
• install into sd-app or sd-app-buster-template
• submit a message with rich text tags on source interface
• observe tags are escaped properly
• the tests provided in this pr provide sufficient coverage

Checklist

If these changes modify code paths involving cryptography, the opening of files in VMs or network (via the RPC service) traffic, Qubes testing in the staging environment is required. For fine tuning of the graphical user interface, testing in any environment in Qubes is required. Please check as applicable:

• I have tested these changes in the appropriate Qubes environment
• I do not have an appropriate Qubes OS workstation set up (the reviewer will need to test these changes)
• These changes should not need testing in Qubes

If these changes add or remove files other than client code, packaging logic (e.g., the AppArmor profile) may need to be updated. Please check as applicable:

• I have submitted a separate PR to the packaging repo
• No update to the packaging logic (e.g., AppArmor profile) is required for these changes
• I don't know and would appreciate guidance

[eloquence]

Regression: "Compose a reply to" formatting in reply placeholder is now escaped

[emkll]

Dropped the second commit, as the ReplyWidget inherits from SpeechBubble https://github.com/freedomofpress/securedrop-client/blob/master/securedrop_client/gui/widgets.py#L1638 which uses SecureQLabel https://github.com/freedomofpress/securedrop-client/blob/master/securedrop_client/gui/widgets.py#L1589 so that change was not required

[eloquence]

That did the trick, regression is fixed. Tested outside Qubes for now, works as expected -- preview snippets & messages/replies look identical, and are displayed safely.

[sssoleileraaa]

tested in qubes and lgtm!