4.0.0

Update to include proper sanitation

This update ensures HTML is properly sanitised, by default. Think
javascript:alert(1) URLs in links, but much more as well.
Additionally, instead of depending on unsafe htmlContent,
htmlName, and htmlAttributes, only virtual data is now supported;
respectivly hChildren, hName, and hProperties (corresponding
to hast properties).

Note that, with rehype soon being introduced, plug-ins should switch
to being rehype-compatible anyway.