Add SanitiseHtml helper method

[donaldgray]

Adds SanitiseHtml() extension method for sanitising markup inline with https://iiif.io/api/presentation/3.0/#45-html-markup-in-property-values

This introduces a dependency on https://github.com/mganss/HtmlSanitizer but this appears to be the goto library for dotnet and saves a lot of work.

The above lib doesn't support specifying valid tags per attribute but provides RemovingAttribute callback that allows same functionality by specifying no attributes are allowed and cancel those that should be safe in the callback.

It's not specified in the spec but the method will wrap content in a provided tag (defaults to span) if the string doesn't start with < and end with >. This makes an assumption that this method is only ever called when consumer wants the output to be markup.

I wasn't sure on this or whether it is better to throw an exception if the provided string doesn't start with < and end with >. Wrapping it is more forgiving but can result in some unexpected results as HtmlSanitizer lib auto-closes some tags.