[bug] html-sanitize config allows links in form submissions

[signebedi]

This is probably entirely because of the config we use. Specifically, we use the same html-sanitize config for form data as we use for parsing docs, privacy message, and the homepage message. These should by all accounts employ different configurations, if for no other reason because the people we expect to be submitting forms (general end users with varying degrees of scoped system access) are meaningfully different from those with access to change the docs, privacy policy, and homepage message (system admins, all of whom must, as a core assumption, have higher levels of system access). As such, we can probably just create two sanitizer objects in libreforms_fastapi.utils.docs.

Originally posted by @signebedi in #245 (comment)

[signebedi]

We've resolved this by essentially preventing all substantive HTML tags like and . May want to revisit at some time.

[signebedi]

Allow iframes in inner docs
We should allow admins to embed iframes in docs, homepages, etc.