Port over of WT-1217 from Springfield: Drop HTML comments from sanitized output

[stevejalim]

Since switching from bleach to justhtml (WT-578), HTML comments in Markdown sources may have been surfaced on the page as literal <!-- ... --> text because the markup was HTML escaped. With the setting on disallowed_tag_handling="escape", justhtml's escape pass wins over its DropComments transform, and using an explicit Sanitize() to force ordering discards our custom policy.

This issue was visible on release-notes pages on www.firefox.com and we're making the same change here for consistency.

The fix is to strip <!--...--> with a regex before handing the HTML to justhtml. This keeps the escape behaviour for unknown tags so example markup still renders as visible source.

Original PR mozmeao/springfield#1369

[maureenlholland]

r+

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 82.34%. Comparing base (a997e3d) to head (a058321).

Additional details and impacted files

@@           Coverage Diff           @@
##             main   #17183   +/-   ##
=======================================
  Coverage   82.33%   82.34%           
=======================================
  Files         181      181           
  Lines        9705     9709    +4     
=======================================
+ Hits         7991     7995    +4     
  Misses       1714     1714           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.