feat: Use rel="noopener noreferrer nofollow ugc" on user links

[HowieHz]

fix #214

• + ugc 符合最新语义（Google 自 2019）

我调查了下其他的

• twikoo 是 noopener noreferrer nofollow ugc feat: Add nofollow and ugc to external links twikoojs/twikoo#907
• waline 是 ugc nofollow noopener noreferrer feat: add 'ugc' to link rel attributes walinejs/waline#3531
• artalk 是 noreferrer noopener nofollow feat: add 'ugc' to link rel attributes ArtalkJS/Artalk#1120
• valine 是 noopener

相关文档：

• nofollow 和 ugc 一起用以保证兼容性：https://developers.google.com/search/blog/2019/09/evolving-nofollow-new-ways-to-identify?hl=zh-cn#can-i-use-more-than-one-rel-value-on-a-link
• 几个用于出站链接的 rel 值（sponsored，ugc，nofollow）介绍：https://developers.google.com/search/docs/crawling-indexing/qualify-outbound-links?hl=zh-cn

---

没有把链接的 target / rel 处理放进 packages/comment-widget/src/utils/html.ts 的 cleanHtml()，而是放在了渲染期 packages/comment-widget/src/comment-content.ts。

给评论正文里的 统一补 target="_blank" 和 rel="noopener noreferrer nofollow ugc" 作为渲染策略，区分于清洗逻辑。如果要在清洗的时候就做这个 rel 修改，有以下问题：

• 首先数据库要额外保存 rel，要修改默认 sanitize-html 策略（附：sanitize-html 默认给 a 允许的是：href、name、target。）
• 之前数据不带 rel 的已有数据，在渲染时也不能自带加上新 rel。

[f2c-ci-robot]

Adding the "do-not-merge/release-note-label-needed" label because no release-note block was detected, please follow our release note process to remove it.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[HowieHz]

@JohnNiang 请求 review

[ruibaby]

/lgtm

[f2c-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ruibaby

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [ruibaby]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment