fix: apply HTML sanitization to email sending path as well

Sanitize newsletter HTML immediately after markdown rendering in
send_newsletter, before link shortening and tracking rewrite. This
ensures dangerous elements are stripped from both the public archive
view and outgoing emails.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: yoyo930021

src/newsletter.rs

@@ -204,8 +204,9 @@ pub async fn send_newsletter(
         .map_err(|e| e.to_string())?,
     };
 
-    // Render markdown → HTML, then absolutize relative image paths for email clients
+    // Render markdown → HTML, sanitize, then absolutize relative image paths for email clients
     let content_html = render_markdown(&markdown_content);
+    let content_html = sanitize_html(&content_html);
     let content_html = absolutize_image_srcs(&content_html, &state.config.base_url);
 
     // Update rendered_html