fix: add rel option to external links in content (#1853)

* #1853: XSS attack fix by adding rel noreferrer or rel noopener to _blank target external links

* fix: relAttributeExternalLink noopener

Co-authored-by: danallendds <daniel.allen@friends.dds.mil>
Co-authored-by: Nicolas Giard <github@ngpixel.com>
daneallen
2020-05-07 16:45:11 -04:00
committed by GitHub
parent 6624df2c63
commit 4aa7828a92
3 changed files with 11 additions and 1 deletions


@@ -6,7 +6,7 @@ module.exports = {
input = xss(input, {
whiteList: {
...xss.whiteList,
a: ['class', 'id', 'href', 'style', 'target', 'title'],
a: ['class', 'id', 'href', 'style', 'target', 'title', 'rel'],
blockquote: ['class', 'id', 'style'],
code: ['class', 'style'],
details: ['class', 'style'],
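Review bot: Adding `'rel'` to the `a` entry of the whitelist only lets the attribute survive sanitization; nothing in this hunk requires it, so an anchor written as raw HTML with `target="_blank"` and no `rel` would still pass through, leaving `window.opener` reachable from the opened page. The other two files of the commit are not visible here, so if they set `rel` only on links produced by the renderer, consider also normalising it in this sanitizer step, for example with the xss library's `onTag` hook or a post-pass that adds `rel="noopener noreferrer"` to any `a` carrying `target="_blank"`. A short comment above the entry would help the next reader: `// rel is allowed so that noopener/noreferrer set on external links is not stripped`. The `xss(...)` call and its `whiteList` object start before this hunk and continue past it.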