Use sanitize instead of html_safe

The difference is `html_safe` allows every HTML tag, including the
`<script>` tag, while `sanitize` only allows tags which are considered
safe. In this case, we want to allow a `<span>` tag in a translation,
and links inside flash messages.

app/views/budgets/ballot/_ballot.html.erb

@@ -26,8 +26,8 @@
           <h3>
             <%= group.name %> - <%= @ballot.heading_for_group(group).name %>
           </h3>
-          <%= link_to t("budgets.ballots.show.remaining",
+          <%= link_to sanitize(t("budgets.ballots.show.remaining",
-                      amount: @ballot.formatted_amount_available(@ballot.heading_for_group(group))).html_safe,
+                      amount: @ballot.formatted_amount_available(@ballot.heading_for_group(group)))),
                       budget_group_path(@budget, group) %>
         </div>
         <% if @ballot.has_lines_in_group?(group) %>

app/views/kaminari/_gap.html.erb

@@ -1,3 +1,3 @@
 <li class="ellipsis" aria-hidden="true">
-  <%= t("views.pagination.truncate").html_safe %>
+  <%= sanitize(t("views.pagination.truncate")) %>
 </li>

app/views/layouts/_flash.html.erb

@@ -5,7 +5,7 @@
         <span aria-hidden="true">&times;</span>
       </button>
       <div class="notice-text">
-        <%= flash_message.try(:html_safe) %>
+        <%= sanitize(flash_message) %>
       </div>
     </div>
   </div>