fix(SNOTES-480): display tag title as string in delete dialog

[antsgar]

In the SKAlert component, both the title and the message of the dialog are being interpolated within the rest of the HTML, and then all of that HTML is set as innerHTML for the corresponding element. This means if the title or the message contain HTML themselves, it will be rendered within the dialog. This PR changes the implementation so that the initial template will include empty elements where the title and message will then be set using textContent, so that they're always displayed as strings.

Updated:
Because there are a few places where we intentionally use HTML within the strings for a dialog, I decided to go in a different direction and escape the HTML for notes/tags/files titles.

• Ultimately it could be better to move away from passing HTML to the alerts because there's a risk that we might forget to escape strings for user-created entities in the future again.
• I'm not entirely sure I covered all the possible cases of user-created HTML strings that should be escaped.
• When possible I updated to use functions from StringUtils. Having all of the strings in that one file should make it easier to spot cases where we're not escaping when needed.