Builder does not generate HTML safe for usage with user input
Linkify cannot safely be used on user input as of now, since the result is a simple binary and will be rendered as escaped HTML by Phoenix (unless wrapped in a `:safe` tuple, i.e. `{:safe, result}`). This is expected, because otherwise the user input would be vulnerable to HTML injection; however, it also means that the anchor tags generated by Linkify will be escaped.
To fix this, I adjusted `Linkify.Parser` to accumulate the result as iodata instead of as a binary, then modified `Linkify.Builder` to mark built links as safe (`[{:safe, "<a #{attrs}>"}, url, {:safe, "</a>"}]`). Since Phoenix accepts iodata, there's no need to stringify the result even, and we can have linkified HTML that is free of vulnerabilities.
I've implemented this locally already and it's working great. If it makes sense for this project, I'm happy to open a PR for this one as well!
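To illustrate the iodata approach described above, here is an added example that is not Linkify's code or the author's patch: a toy builder (`SafeLinkify`, a hypothetical module name) emits anchor markup as `{:safe, ...}` tuples while the visible link text stays a plain binary, and a small `render/1` stands in for what Phoenix's `Phoenix.HTML.Safe` does with a list. It goes one step further than the description by attribute-escaping the URL before it is placed inside the safe `<a>` tag, since that value also originates from user input.

```elixir
defmodule SafeLinkify do
  @moduledoc """
  Toy Linkify-style builder that returns iodata. Only the anchor markup is
  wrapped in {:safe, ...}; user-supplied text is left as a plain binary so
  the renderer still escapes it.
  """

  # Minimal HTML escaping for text nodes and attribute values.
  defp escape(text) do
    text
    |> String.replace("&", "&amp;")
    |> String.replace("<", "&lt;")
    |> String.replace(">", "&gt;")
    |> String.replace("\"", "&quot;")
    |> String.replace("'", "&#39;")
  end

  # Build one link as iodata. The href is escaped *before* being marked safe,
  # because the URL came from user input; the link text is left unmarked.
  def link(url) do
    [{:safe, ~s(<a href="#{escape(url)}" rel="nofollow">)}, url, {:safe, "</a>"}]
  end

  # Linkify pass: split on whitespace (keeping the whitespace), wrap tokens
  # that look like http(s) URLs, and accumulate iodata instead of a binary.
  def linkify(input) do
    input
    |> String.split(~r/\s+/, include_captures: true)
    |> Enum.map(fn
      "http" <> _ = token -> link(token)
      other -> other
    end)
  end

  # Stand-in for Phoenix.HTML.Safe on a list: binaries are escaped,
  # {:safe, data} passes through untouched, nested lists recurse.
  def render(iodata) when is_list(iodata) do
    iodata |> Enum.map(&render/1) |> IO.iodata_to_binary()
  end

  def render({:safe, data}), do: data
  def render(bin) when is_binary(bin), do: escape(bin)
end

# Constructed sample input with both a URL and an injection attempt:
# SafeLinkify.linkify("see https://example.com/?a=1&b=<x> <script>")
# |> SafeLinkify.render()
# yields the <a> tag intact, the URL text and href escaped, and
# "<script>" rendered as &lt;script&gt;.
```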