feat: 🎸 sanitize HTML in createElement

[AdamGold]

Decided to go with https://github.com/cure53/DOMPurify for a few reasons:

1. Newest version does not contain any known vulnerabilities: https://snyk.io/vuln/npm:dompurify
2. Easy to use
3. They offer a bug bounty program
4. Worked really well on the payloads that I've tried:

		const doc = new jsPDF();
		window.html2canvas = html2canvas;
		const html = `
<p id='test'>a</p>
	<img src=x onerror=eval("document.getElementById('test').innerHTML=window.location") />
<img src=x onerror=alert('XSS');>
<img src=x onerror=alert('XSS')//
<img src=x onerror=alert(String.fromCharCode(88,83,83));>
<img src=x oneonerrorrror=alert(String.fromCharCode(88,83,83));>
<img src=x:alert(alt) onerror=eval(src) alt=xss>
"><img src=x onerror=alert('XSS');>
"><img src=x onerror=alert(String.fromCharCode(88,83,83));>
<svgonload=alert(1)>
<svg/onload=alert('XSS')>
<svg onload=alert(1)//
<svg/onload=alert(String.fromCharCode(88,83,83))>
<svg id=alert(1) onload=eval(id)>
"><svg/onload=alert(String.fromCharCode(88,83,83))>
"><svg/onload=alert(/XSS/)
<sCrIpt>alert(1)</ScRipt>
	`;
	doc.html(html, {
	callback: function (doc) {
	}
	});

Closes #2795

[AdamGold]

@HackbrettXXX Please verify that everything works as I have tested this locally by changing the dist code, but haven't installed it via npm locally.

[HackbrettXXX]

Looks good. Thank you very much for the help. I'll notify you as soon as the new release is out.