Make notes, comments and announcements markdown aware #3814
936ec10 to 5ef2c55
I don't see why we should limit the allowed tags or CSS attributes for either text or line. We had kind of the same problem with the plugin output. We added more and more allowed tags and CSS attributes over time. I think users would like the full flexibility. The default configuration should be sufficient in terms of security. Maybe we should consider setting Parsedown's safe mode to
Tags are not limited anymore. I've just omitted the esoteric ones such as e.g. Enabling safe mode is a good idea, yes. Though, prior to allowing all attributes I'd verify that things like The Markdown class doesn't need to cache anything as the Parsedown class already caches its own instance and caching the HtmlPurifier does not help much. I'd rather introduce a cache directory.
5ef2c55 to 97fe893
Removed the attribute limitations. HtmlPurifier is already smart enough to remove all risky ones. (e.g. Parsedown's safe mode however also escapes any raw markup and only allows markdown syntax. And now switching over to only markdown doesn't seem right. So safe mode is not an option.
Sounds good. But the HTML tags are still limited. Why not just allow them all?
97fe893 to c6a61f9
c6a61f9 to bd20607
0ee9715 to 6659e28
Removed tag limitations and dropped the distinction between phrasing and block level content. It's all everything now. Also, HtmlPurifier now got its own cache directory in our file cache.
6659e28 to 6aa2cf6
Adds a new view helper `Markdown` which allows to transform markdown: `$this->markdown($text)`
At the moment markdown is transformed for notes, comments and announcements. (yep, I thought this suits here as well)
resolves #3684
resolves #3441
resolves #2831
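The trade-off discussed in this thread, as an added example that is not code from this pull request or project: Parsedown with safe mode off followed by HTMLPurifier, beside Parsedown's safe mode alone, run over the same note. It assumes `erusev/parsedown` (1.7.0 or later, for `setSafeMode`) and `ezyang/htmlpurifier` are installed via Composer; the function names, the cache path and the sample note are hypothetical.

```php
<?php
// Added example; assumes `composer require erusev/parsedown ezyang/htmlpurifier`.
require __DIR__ . '/vendor/autoload.php';

/**
 * Hypothetical helper (not the project's Markdown view helper):
 * Markdown -> HTML via Parsedown, then sanitize the result with HTMLPurifier.
 */
function renderMarkdown(string $text, string $cacheDir): string
{
    // Safe mode stays off so raw HTML in the note reaches the purifier intact.
    $html = Parsedown::instance()->text($text);

    $config = HTMLPurifier_Config::createDefault();
    // Dedicated, writable cache directory for HTMLPurifier's serialized definitions.
    $config->set('Cache.SerializerPath', $cacheDir);

    return (new HTMLPurifier($config))->purify($html);
}

/** The alternative raised in the thread: Parsedown safe mode, no purifier. */
function renderMarkdownSafeMode(string $text): string
{
    // Separate instance so the shared Parsedown::instance() is left unchanged.
    $parsedown = new Parsedown();
    $parsedown->setSafeMode(true);

    return $parsedown->text($text);
}

// Constructed sample note: Markdown, harmless HTML and script-bearing HTML.
$note = <<<'MD'
**Maintenance** window, see [wiki](https://example.com/wiki).

<span style="color: red">Do not acknowledge</span>
<img src="x" onerror="alert(1)">
<a href="javascript:alert(1)">details</a>
MD;

$cacheDir = sys_get_temp_dir() . '/htmlpurifier-example';
if (!is_dir($cacheDir)) {
    mkdir($cacheDir, 0700, true);
}

echo "--- Parsedown + HTMLPurifier ---\n", renderMarkdown($note, $cacheDir), "\n";
echo "--- Parsedown safe mode only ---\n", renderMarkdownSafeMode($note), "\n";
```

Comparing the two outputs shows which raw tags and attributes each approach keeps, strips or escapes, which is the check to repeat whenever the purifier configuration changes.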