Description
While (finally) fixing up #945, I noticed that the HTML injection I fixed in #908 was reintroduced in a0f2eef to support highlighting text. Along with being potentially unsafe for XSS bugs (as was flagged by Claude in that PR), it also causes labels that have text <enclosed in brackets> to render incorrectly. Here's one example of that: https://monarchinitiative.org/NCBITaxon:10232. This label is actually Acanthocephala <thorny-headed worms> not just Acanthocephala as is rendered. If you inspect the DOM, the problem is apparent:
There are probably valid reasons people might want to enclose some text <in brackets>. The approach I took in rewriting AppNodeText was to selectively render only a few tags (<b>, <a>, <i>, <sup>, if I remember correctly). We should go back to that, but also figure out a way to support highlighting.
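The approach described above, rendering only an allowlist of tags and escaping everything else while still supporting highlighting, as an added example. This is not the project's AppNodeText code; the function names (`renderLabel`, `highlightEscaped`), the `<mark>` element used for highlights and the sample labels are assumptions for illustration. Highlighting is applied to the raw text before escaping, so a search term can never match inside an entity such as `&lt;`, and unknown tags like `<thorny-headed worms>` survive as literal text.

```javascript
// Added example, not Monarch's own code. Tags outside ALLOWED_TAGS are
// escaped to text; <a> keeps only an http(s) href; highlights use <mark>.
const ALLOWED_TAGS = new Set(["b", "i", "sup", "a"]);
const TAG_RE = /<(\/?)([a-zA-Z][a-zA-Z0-9]*)([^<>]*)>/g;

function escapeHtml(s) {
  return s
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;");
}

// Only <a> may carry an attribute, and only an absolute http(s) href,
// which blocks javascript:, data: and relative URLs.
function safeAttrs(tag, attrs) {
  if (tag !== "a") return "";
  const m = /\bhref\s*=\s*"([^"]*)"/i.exec(attrs);
  if (!m) return "";
  const href = m[1].trim();
  if (!/^https?:\/\//i.test(href)) return "";
  return ` href="${escapeHtml(href)}"`;
}

// Escape a raw text segment, wrapping case-insensitive matches of `term`
// in <mark>. Matching happens on the raw text, so entities produced by
// escaping can never be split or matched by the highlight.
function highlightEscaped(raw, term) {
  if (!term) return escapeHtml(raw);
  const re = new RegExp(term.replace(/[.*+?^${}()|[\]\\]/g, "\\$&"), "gi");
  let out = "";
  let last = 0;
  for (const m of raw.matchAll(re)) {
    out += escapeHtml(raw.slice(last, m.index));
    out += "<mark>" + escapeHtml(m[0]) + "</mark>";
    last = m.index + m[0].length;
  }
  return out + escapeHtml(raw.slice(last));
}

// Render a label to HTML: allowlisted tags pass through (balanced), all
// other markup is escaped, and `term` is highlighted in the text nodes.
function renderLabel(label, term = "") {
  let out = "";
  let last = 0;
  const open = []; // stack of currently open allowlisted tags
  for (const m of label.matchAll(TAG_RE)) {
    const [whole, slash, name, attrs] = m;
    out += highlightEscaped(label.slice(last, m.index), term);
    const tag = name.toLowerCase();
    if (!ALLOWED_TAGS.has(tag)) {
      out += highlightEscaped(whole, term); // e.g. <thorny-headed worms>
    } else if (slash) {
      // Only close a tag we opened; a stray closer becomes literal text.
      if (open.length && open[open.length - 1] === tag) {
        open.pop();
        out += `</${tag}>`;
      } else {
        out += highlightEscaped(whole, term);
      }
    } else {
      open.push(tag);
      out += `<${tag}${safeAttrs(tag, attrs)}>`;
    }
    last = m.index + whole.length;
  }
  out += highlightEscaped(label.slice(last), term);
  while (open.length) out += `</${open.pop()}>`; // close anything left open
  return out;
}

// Constructed sample inputs: the NCBITaxon:10232 label from the issue and
// an injection attempt that the allowlist must neutralise.
const SAMPLE_LABEL = "Acanthocephala <thorny-headed worms>";
const SAMPLE_INJECTION = '<img src=x onerror="alert(1)"><a href="javascript:alert(1)">link</a>';
```

`renderLabel(SAMPLE_LABEL, "worms")` yields `Acanthocephala &lt;thorny-headed <mark>worms</mark>&gt;`, so the bracketed text is displayed and the highlight still lands; the injection sample renders as escaped text plus a bare `<a>link</a>` with the `javascript:` href dropped.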