Sanitize dashboard action before displaying it

We were using `<%==`, which is the same as using `raw`.

Note ERB Lint doesn't warn us of this usage. Brakeman does warn us,
though.

app/views/dashboard/actions/new_request.html.erb

@@ -2,7 +2,7 @@
 
 <div class="row expanded">
   <div class="small-12 medium-8 column">
-    <%== dashboard_action.description %>
+    <%= WYSIWYGSanitizer.new.sanitize(dashboard_action.description) %>
     <%= render "dashboard/form" %>
   </div>