Sanitize annotation context before displaying it

There's a case where we would face a Cross-Site Scripting attack. An
attacker could use the browser's developer tools to add (on their
browser) a `<code>` tag with a `<script>` tag inside in the text of the
draft version. After doing so, commenting on that text would result in
the attacker's JavaScript being executed.
Javi Martín
2019-10-02 14:39:25 +02:00
parent 0f485308b7
commit 8b73cfc019
3 changed files with 11 additions and 2 deletions

View File

@@ -22,7 +22,7 @@
<% end %>
</span>
<div class="comment-section">
<%= annotation.context.try(:html_safe).presence || annotation.quote %>
<%= sanitize(annotation.context).presence || annotation.quote %>
</div>
<%= link_to legislation_process_draft_version_annotation_path(@process, @draft_version, annotation) do %>
<span class="icon-comments" aria-hidden="true"></span> <span><%= t(".comments_count", count: annotation.comments_count) %></span></a>
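Review bot: the replacement line `<%= sanitize(annotation.context).presence || annotation.quote %>` relies on the sanitizer's default allowlist, which still admits links and a fairly broad set of tags, whereas the commit message only needs the `<code>` markup of the draft text to survive; consider passing an explicit allowlist, e.g. `sanitize(annotation.context, tags: %w(code em strong))`, so the rendered context cannot carry anything the annotation feature does not use, and add a view spec that stores a `<code><script>` payload in the context and asserts the `<script>` element is gone, since that is the exact case this change is meant to close.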

View File

@@ -19,7 +19,7 @@
<div class="comment-section">
<div class="row">
<div class="small-12 medium-9 column legislation-comment">
<%= @annotation.context.try(:html_safe).presence || @annotation.quote %>
<%= sanitize(@annotation.context).presence || @annotation.quote %>
</div>
<div class="small-12 medium-3 column legislation-comment">
<span class="float-right">
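Review bot: the line `<%= sanitize(@annotation.context).presence || @annotation.quote %>` duplicates the exact expression from the first view, so the two can drift apart on the next change; move it into a helper such as `annotation_context(annotation)` (name hypothetical) that owns the sanitize call and the `presence || quote` fallback, and call that helper from both templates, so any future tightening of the allowlist is applied to both pages at once.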