HTML Tool PoC spike for fragment defined in type index

[jg10-mastodon-social]

Closes #146

• New term is hosted and documented in RDFS at https://browser.pod-os.org/terms#htmlToolFragment
• ADR to self-host core browser vocabulary
• When a resource is loaded, a matching pane is identified in the type index
• DOMPurify is applied to the HTML, and pos-label is whitelisted (which has no attributes)
• The HTML is inserted into the page
• The resource event is respected (init is not yet tested) and pos-label renders.

---

• Tests have been written
  • all new code is covered by unit tests
  • the happy path of a new feature is covered by an end-to-end test
  • manual explorative tests have been performed
• all dependencies are updated to the latest patch version at minimum
• the CI pipeline passes
• documentation is up-to-date
  • TSDoc style comments on important functions, properties and events
  • stories for new PodOS elements have been added to storybook
  • Readme.md files of PodOS elements have been re-generated
  • architectural decisions are documented as an ADR
  • Changelogs are updated according to
    Keep a Changelog

[jg10-mastodon-social]

This test fails because DOMPurify.isSupported is undefined, so DOMPurify doesn't actually run in the tests.
Using isomorphic-dompurify is meant to fix this and doesn't, and I haven't successfully directly used jsdom either. There seems to be some kind of interaction with the stenciljs testing framework??

[jg10-mastodon-social]

As noted in #126 (comment), my intention here is that each white-listed component would manage its own set of tests to ensure that the HTML sanitization whitelists the right attributes etc. So when other changes are made, then these HTML sanitization tests are also updated.
(This is obviously dependent on getting DOMPurify to run correctly in the tests.)