Use sanitize instead of html_safe

The difference is `html_safe` allows every HTML tag, including the
`<script>` tag, while `sanitize` only allows tags which are considered
safe. In this case, we want to allow a `<span>` tag in a translation,
and links inside flash messages.

app/views/kaminari/_gap.html.erb

@@ -1,3 +1,3 @@
 <li class="ellipsis" aria-hidden="true">
-  <%= t("views.pagination.truncate").html_safe %>
+  <%= sanitize(t("views.pagination.truncate")) %>
 </li>