feat(security): add XSS sanitization and security headers

[kelvinkipruto]

Description

• Sanitize user-provided embed HTML with xss library
• Add Content-Security-Policy and other security headers
• Normalize CORS/CSRF origins and set default allowed origin
• Update HelplineCard, RowCard, and ActionBanner components to use sanitized embed code

Fixes # (issue)

Type of change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)

Screenshots

Checklist:

• My code follows the style guidelines of this project
• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation

[kilemensi]

It's cool to sanitize @kelvinkipruto if it's not a lot of work. Remember, we're not getting content from end users i.e. the web like reddit. We're rendering content from a CMS managed and reviewed by trusted content editors.