Add escapeHtml utility and apply to all user-controllable SweetAlert2 html

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

src/utils/escapeHtml.js

@@ -0,0 +1,13 @@
+/**
+ * Escapes HTML special characters to prevent XSS.
+ * @param {string} str The string to escape.
+ * @returns {string} The escaped string.
+ */
+export function escapeHtml(str) {
+  return str
+    .replace(/&/g, '&')
+    .replace(/</g, '&lt;')
+    .replace(/>/g, '&gt;')
+    .replace(/"/g, '&quot;')
+    .replace(/'/g, '&#039;');
+}