Switch to dompurify for sanitizing markdown content (#131950)

* Switch to dompurify for sanitizing markdown content

Switches us from using `insane` to instead use `dompurify`, which seems to be better maintained and also has some nice features, such as built-in trusted types support

I've tried to port over our existing sanitizer settings as best as possible, but there's not always a 1:1 mapping between how insane works and how dompurify does. I'd like to get this change in early in the iteration to catch potential regressions

* Remove logging and renaming param

* Move dompurify to browser layer

* Fixing tests and how we check valid attributes

* Allow innerhtml in specific files

* Use isEqualNode instead of checking innerHTML directly

innerHTML can return different results on different browsers. Use `isEqualNode` instead

* Reapply fix for trusted types

* Enable ALLOW_UNKNOWN_PROTOCOLS

I beleive this is required since we allow links to commands and loading images over remote

* in -> of

* Fix check of protocol

* Enable two more safe tags

1 files changed, 1 insertions, 1 deletions

diff --git a/.eslintignore b/.eslintignore
index d76ad06c5e8..ec701c48888 100644
--- a/.eslintignore
+++ b/.eslintignore
@@ -3,7 +3,7 @@
 **/vs/css.build.js
 **/vs/css.js
 **/vs/loader.js
-**/insane/**
+**/dompurify/**
 **/marked/**
 **/semver/**
 **/test/**/*.js