fix: bind empty message string as plain text to avoid xss

BREAKING CHANGE: `emptyMessage` no longer allow passing html to prevent XSS attacks. use slot based content projection `empty-content` for displaying html rich empty content message.

Author: chintankavathia

projects/ngx-datatable/src/lib/components/datatable.component.html

@@ -79,11 +79,9 @@
       </ng-content>
       <ng-content select="[empty-content]" ngProjectAs="[empty-content]">
         <div role="row">
-          <div
-            role="cell"
-            class="empty-row"
-            [innerHTML]="messages.emptyMessage ?? 'No data to display'"
-          ></div>
+          <div role="cell" class="empty-row">
+            {{ messages.emptyMessage ?? 'No data to display' }}
+          </div>
         </div>
       </ng-content>
     </datatable-body>