#2931639 ActionView sanitize helper bypass with math-related tags
Medium
## Vulnerability Details
rails-html-sanitizer, which Rails ActionView also uses, fails to sanitize input when the style tag is allowed together with math-related tags, leading to XSS.
A vulnerable example would have been as follows:
```erb
<%= sanitize @comment.body, tags: ["math", "mtext", "table", "style", "mglyph"] %>
<%# or %>
<%= sanitize @comment.body, tags: ["math", "mtext", "table", "style", "malignmark"] %>
```
Other patterns and places where this tag combination is used are listed in the security advisory.
View #2519936 for details.
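As an added defence-in-depth example (not code from the report, Rails, or rails-html-sanitizer), the guard below lints a sanitize allowlist for the pattern the report describes, the style tag allowed alongside math-related tags, and returns a hardened copy with style dropped before the list ever reaches ActionView's sanitize helper. The method names and the tag set are this example's own assumptions; upgrading to a fixed rails-html-sanitizer release remains the real fix.

```ruby
# Added example, not from the report or from rails-html-sanitizer.
# Lints a sanitize allowlist for the combination this report describes:
# "style" allowed together with math-related tags. Stdlib only.

# Math-related tags from the report's vulnerable examples (assumed set).
MATH_TAGS = %w[math mtext mglyph malignmark].freeze

# Math-related tags that make "style" dangerous in +allowed_tags+;
# empty when "style" is absent or no math-related tag is allowed.
def risky_math_tags(allowed_tags)
  tags = allowed_tags.map(&:to_s)
  return [] unless tags.include?("style")
  tags & MATH_TAGS
end

# True when the allowlist matches the bypass pattern in the report.
def unsafe_allowlist?(allowed_tags)
  !risky_math_tags(allowed_tags).empty?
end

# Hardened copy of the allowlist: "style" is dropped whenever
# math-related tags are present; other tags and their order are kept.
def harden_allowlist(allowed_tags)
  tags = allowed_tags.map(&:to_s)
  return tags unless unsafe_allowlist?(tags)
  tags - ["style"]
end

# View-side wrapper: audit the list, warn, then sanitize with the hardened
# list. +sanitizer+ is any callable taking (html, tags:), for example
#   ->(html, tags:) { sanitize(html, tags: tags) }   inside a Rails view.
def safe_sanitize(html, allowed_tags, sanitizer, logger: nil)
  risky = risky_math_tags(allowed_tags)
  unless risky.empty?
    logger&.warn("sanitize allowlist combines style with " \
                 "#{risky.join(', ')}; dropping style")
  end
  sanitizer.call(html, tags: harden_allowlist(allowed_tags))
end

if __FILE__ == $PROGRAM_NAME
  # Constructed allowlist copied from the report's vulnerable example.
  vulnerable = %w[math mtext table style mglyph]
  p unsafe_allowlist?(vulnerable)   # => true
  p harden_allowlist(vulnerable)    # => ["math", "mtext", "table", "mglyph"]
  p harden_allowlist(%w[p a style]) # => ["p", "a", "style"]
end
```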
## Impact
Sanitizer bypass that leads to XSS on applications built with it.
It also affects applications using Rails Action View's sanitize helper: https://api.rubyonrails.org/v7.2/classes/ActionView/Helpers/SanitizeHelper.html
## Report Stats
- Report ID: 2931710
- State: Closed
- Substate: resolved
- Upvotes: 1