ActionView sanitize helper bypass with style

Disclosed: 2025-02-06 01:34:06 By mokusou To ibb
Medium
Vulnerability Details
Rails-html-sanitizer, which Rails ActionView also uses, fails to sanitize input when the `style` tag is allowed, leading to XSS. A vulnerable example would have been as follows:

```ruby
<%= sanitize @comment.body, tags: ["style"] %>
```

You can see other patterns/places where this is used in the security advisory. View #2519936 for details.

## Impact

Sanitizer bypass that leads to XSS on applications built with it. It also affects applications using Rails Action View's sanitize helper: https://api.rubyonrails.org/v7.2/classes/ActionView/Helpers/SanitizeHelper.html
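To find the vulnerable configuration in a code base, the following audit helper (added here; not part of the report, of Rails, or of rails-html-sanitizer) scans ERB templates for `sanitize` calls whose `tags:` allowlist includes `style`, the pattern the report describes. The sample template is constructed, and the regexes assume literal `["..."]` or `%w[...]` allowlists, so allowlists built dynamically at runtime are not detected.

```ruby
# Audit helper: flag `sanitize` calls in ERB templates that allow the <style> tag.
# Constructed sample template (not from any real application).
SAMPLE_ERB = <<~ERB
  <h1><%= @post.title %></h1>
  <%= sanitize @comment.body, tags: ["style"] %>
  <%= sanitize @comment.body, tags: %w[p a] %>
  <%= sanitize @bio, tags: %w[p style], attributes: %w[href] %>
  <%= sanitize @note %>
ERB

# An ERB output tag; captures the Ruby expression inside it (may span lines).
ERB_TAG = /<%=\s*(.*?)\s*%>/m

# A `tags:` / `:tags =>` option whose value is a %w[...] list (group 1)
# or a ["..."] array literal (group 2).
TAGS_OPT = /(?:\btags:\s*|:tags\s*=>\s*)(?:%w[\[(]([^\])]*)[\])]|\[([^\]]*)\])/

# Returns the literal tag allowlist in a sanitize expression, or nil when the
# call uses the default allowlist or a non-literal value.
def allowed_tags(expr)
  m = TAGS_OPT.match(expr)
  return nil unless m
  return m[1].split if m[1]                      # %w[p style] form
  m[2].scan(/["']([^"']+)["']/).flatten          # ["p", "style"] form
end

# Scans an ERB template string and returns one finding per sanitize call
# whose allowlist contains "style" (path, line, tags, expression).
def style_allowed_sanitize_calls(erb, path = "(string)")
  findings = []
  pos = 0
  while (m = ERB_TAG.match(erb, pos))
    pos = m.end(0)
    expr = m[1]
    next unless expr.match?(/\bsanitize\b/)
    tags = allowed_tags(expr)
    next unless tags&.include?("style")
    line = erb[0, m.begin(0)].count("\n") + 1    # 1-based line of the tag
    findings << { path: path, line: line, tags: tags, expr: expr }
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  style_allowed_sanitize_calls(SAMPLE_ERB, "app/views/comments/show.html.erb").each do |f|
    puts "#{f[:path]}:#{f[:line]}: sanitize allows <style> (tags=#{f[:tags].inspect})"
  end
end
```

Run it over `Dir.glob("app/views/**/*.erb")` with `File.read` to audit a whole application; any hit should drop `style` from the allowlist and the app should move to a patched rails-html-sanitizer.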
Report Stats
  • Report ID: 2931639
  • State: Closed
  • Substate: resolved
  • Upvotes: 1