
Document HTML sanitation policy #1543

Open
waylan wants to merge 11 commits into Python-Markdown:master from waylan:1479

Conversation

@waylan waylan commented Jul 8, 2025

This is a first draft of documentation addressing #1479. I don't think I will use this as-is. The same text is reused multiple times, which gets redundant. And we still don't address the API documentation in all the same methods/functions as well as the CLI documentation. I think perhaps a separate page would be more appropriate and then a one sentence warning which points to that page would be appropriate in each relevant location. The separate page could also document the policy for never raising an error on Markdown input and any other relevant security-based issues that might exist.

@waylan waylan marked this pull request as draft July 8, 2025 19:21
@waylan waylan marked this pull request as ready for review February 5, 2026 21:26
waylan commented Feb 5, 2026

I think this is ready now. It ended up being more work than I expected. Any feedback is welcome.

A few notes:

  1. We are now recommending JustHTML for HTML sanitation. Unlike other tools, it sanitizes by default and is a pure Python library.
  2. I have included some direction for bleach and its Rust clone (nh3).
  3. I have made significant updates to the CLI documentation to better organize the subsections by importance. Also added some more information about piping output and the fact that we output HTML fragments. While technically not directly related to this issue, JustHTML provides an easy solution, so it seemed natural to include here.
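As an added illustration of what the sanitation policy means in practice (this is example code, not part of the pull request and not Python-Markdown's, JustHTML's, bleach's or nh3's code): Python-Markdown passes raw HTML through to its output, so a fragment rendered from untrusted input must go through an allowlist sanitizer before it reaches a browser. The sanitizer below uses only the standard library, the allowlists and the input fragment are assumptions constructed for this example, and in real deployments the libraries named above should be used instead of a hand-rolled one.

```python
"""Minimal allowlist sanitizer for an HTML fragment (example code only).

Python-Markdown emits an HTML fragment and does not sanitize it. The
UNTRUSTED_FRAGMENT below is a hand-constructed stand-in for a fragment
rendered from untrusted Markdown that contained raw HTML.
"""
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlparse

# Allowlists are assumptions for this example, not a project recommendation.
ALLOWED_TAGS = {"p", "em", "strong", "a", "ul", "ol", "li", "code", "pre",
                "h1", "h2", "h3", "blockquote", "br", "img"}
ALLOWED_ATTRS = {"a": {"href", "title"}, "img": {"src", "alt", "title"}}
URL_ATTRS = {"href", "src"}
SAFE_SCHEMES = {"http", "https", "mailto", ""}  # "" = relative URL
VOID_TAGS = {"br", "img"}
DROP_CONTENT_TAGS = {"script", "style"}  # drop the element and its text


def _url_ok(value):
    """Accept only URLs whose scheme is on the allowlist."""
    return urlparse(value.strip()).scheme.lower() in SAFE_SCHEMES


class AllowlistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self._skip_depth = 0  # > 0 while inside script/style content

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT_TAGS:
            self._skip_depth += 1
            return
        if self._skip_depth or tag not in ALLOWED_TAGS:
            return  # unknown tag is dropped; its text content is kept
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue  # removes every on* handler, style, etc.
            if name in URL_ATTRS and not _url_ok(value or ""):
                continue  # removes URLs with a non-allowlisted scheme
            kept.append(f' {name}="{escape(value or "", quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT_TAGS:
            self._skip_depth = max(0, self._skip_depth - 1)
            return
        if self._skip_depth or tag not in ALLOWED_TAGS or tag in VOID_TAGS:
            return
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        # Character references were decoded by the parser; re-escape on output.
        if not self._skip_depth:
            self.out.append(escape(data, quote=False))


def sanitize(fragment):
    """Return the fragment with only allowlisted tags, attributes and URLs."""
    parser = AllowlistSanitizer()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out)


# Constructed stand-in for a Python-Markdown fragment rendered from untrusted input.
UNTRUSTED_FRAGMENT = (
    '<p>Hello <strong>world</strong></p>\n'
    '<script>alert(1)</script>\n'
    '<p><a href="javascript:alert(1)" onclick="x()">click</a> '
    '<a href="https://example.com" title="ok">fine</a></p>\n'
    '<img src="x" onerror="alert(1)">'
)

if __name__ == "__main__":
    print(sanitize(UNTRUSTED_FRAGMENT))
```

The design choice to note is that this is an allowlist, not a denylist: anything not explicitly permitted (tags, attributes, URL schemes) is removed, and the contents of `script` and `style` elements are dropped rather than escaped. Comments are discarded because `HTMLParser` ignores them by default.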

