
Dodge nasty HTML in data content more aggressively #269

Merged
merged 3 commits into from
Sep 11, 2023

Conversation

towerofnix
Member

This is somewhat scary stuff, but appears to all be working correctly. 🏴‍☠️

This PR does not guarantee thorough sanitization of content sourced from data files, but it does make running into unexpected issues hopefully a much less common occurrence.

Notable changes:

  • formatString (aka language.$) now HTML-escapes all string arguments provided.
  • formatString now returns its results wrapped in a nameless, attributeless tag, indicating that its results are "sanitized" and shouldn't be sanitized by later calls to formatString.
  • Same changes for list formatting utilities (new private utilities #sanitizeStringArg and #wrapSanitized do the heavy lifting).
  • Template now accepts HTML in {type: 'string'} arguments. These are automatically stringified (.toString()) before being exposed to the description's content(slots) function (or generate(slots)). This is so that these can still accept "strings" returned from formatString (which are wrapped in tags now).
  • In cases where a formatted or non-formatted string may be provided, and will be directly embedded in HTML rather than passed as an argument to formatString, the new utility language.sanitize() will escape HTML in non-formatted strings (and return the results wrapped in a tag).
    • This is only used in generateCoverGrid at the moment, but there are potentially more cases that would benefit.
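The escape-once-and-mark pattern described above, as an added JavaScript sketch that is not the project's own code: `Sanitized`, `sanitizeStringArg`, `sanitize` and `formatString` are stand-ins for the PR's utilities, and the `{name}` placeholder syntax is an assumption.

```javascript
// Illustration of the PR's approach (hypothetical code, not the project's):
// escape every string argument exactly once, and mark results as already
// sanitized so nesting formatted strings into other formatted strings
// does not double-escape them.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ESCAPES[c]);
}

// Stand-in for the "nameless, attributeless tag" the PR wraps results in.
// toString() yields the HTML, so a Template can stringify it transparently.
class Sanitized {
  constructor(html) { this.html = html; }
  toString() { return this.html; }
}

// #sanitizeStringArg analogue: escape unless already marked as sanitized.
function sanitizeStringArg(arg) {
  return arg instanceof Sanitized ? arg.html : escapeHtml(arg);
}

// language.sanitize() analogue, for values embedded directly into HTML:
// formatted (already sanitized) input passes through, raw strings are escaped.
function sanitize(value) {
  return value instanceof Sanitized ? value : new Sanitized(escapeHtml(value));
}

// formatString analogue: a trusted template with {name} placeholders.
// Every argument is escaped (or passed through if already sanitized) and the
// result is wrapped so a later formatString call will not escape it again.
function formatString(template, args) {
  const out = template.replace(/\{(\w+)\}/g, (match, key) => {
    if (!(key in args)) throw new Error(`missing argument: ${key}`);
    return sanitizeStringArg(args[key]);
  });
  return new Sanitized(out);
}

// Constructed demonstration: markup coming from a data value is escaped once,
// even when the formatted result is nested into another formatted string.
function demo() {
  const inner = formatString('by <b>{artist}</b>', { artist: '<b>bold</b>' });
  const outer = formatString('Track: {title} ({credit})', { title: 'A & B', credit: inner });
  return outer.toString();
}
```

Markup in the trusted template (`<b>…</b>`) is emitted as-is, while the same markup arriving as a data argument is rendered as text.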
