Escape HTML from Non-HTML String fields
Currently Pleroma-FE treats everything that comes from the backend as HTML, even if it's supposed to be a non-HTML string. Because every other client treats it as a non-HTML string, this results in either users of other clients seeing broken strings or an XSS in Pleroma-FE.
Pleroma-FE should escape non-HTML fields (see list at https://docs.joinmastodon.org/api/entities/) on the client side.
Edited by rinpatch
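
One way to implement the client-side escaping proposed above, as an added example that is not Pleroma-FE's own code. The helper names and the field lists (`display_name` and `spoiler_text` as plain text, `note` as HTML) are assumptions for illustration; the authoritative list is the entity documentation linked in the issue.

```javascript
// Added example, not Pleroma-FE source. Field lists are assumptions;
// check each entity's fields against the Mastodon API entity docs.
const PLAIN_TEXT_FIELDS = {
  account: ['display_name'],
  status: ['spoiler_text'],
};

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode the characters that are significant in HTML text and attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Return a copy of the entity whose plain-text fields are safe to pass to
// an HTML sink. Fields the API defines as HTML (e.g. `note`) are left
// untouched and still need their own sanitisation path.
function escapePlainTextFields(kind, entity) {
  const out = { ...entity };
  for (const field of PLAIN_TEXT_FIELDS[kind] || []) {
    if (typeof out[field] === 'string') out[field] = escapeHtml(out[field]);
  }
  return out;
}

// Constructed sample: the backend sends the raw string, as other clients
// expect, and the front end escapes it once, at the rendering boundary.
const sampleAccount = {
  display_name: 'Tom & <b>Jerry</b> <script>alert(1)</script>',
  note: '<p>Hello <a href="https://example.com">world</a></p>',
};

const safeAccount = escapePlainTextFields('account', sampleAccount);
console.log(safeAccount.display_name);
console.log(safeAccount.note);
```

Escaping exactly once on the client means a raw string that already contains `&amp;` is shown literally as `&amp;`, which matches what clients that render the field as plain text display.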