Sanitize translations instead of using _html

Using the `_html` suffix in an i18n key is the same as using `html_safe`
on it, which means that translation could potentially be used for XSS
attacks.

app/views/admin/organizations/index.html.erb

@@ -67,7 +67,7 @@
 
   <% if hidden > 0 %>
     <div class="callout warning">
-      <%= t("admin.organizations.index.hidden_count_html", count: hidden) %>
+      <%= sanitize(t("admin.organizations.index.hidden_count", count: hidden)) %>
     </div>
   <% end %>