Review use of `mark_safe` when building HTML code in template tags
After reading https://docs.djangoproject.com/en/3.2/ref/utils/#django.utils.html.format_html I think we should review our use of `mark_safe`, as `format_html` may be more appropriate.
Originally posted by @pbanaszkiewicz in https://github.com/carpentries/amy/pull/2553#discussion_r1389697360
In the wake of https://github.com/carpentries/amy/pull/2567 I agree that this is a good idea.
High priority to investigate; can be re-assessed and re-prioritised once we know if/how much work there is to do & if there are any security problems that need to be addressed urgently.
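To make the review concrete, here is an added example (not code from AMY, nor from the linked PRs) showing the difference the issue is about: a template tag that interpolates untrusted data and then wraps the result in `mark_safe()` is an XSS sink, while `format_html()` escapes each argument unless it is already a `SafeString`. It also includes a small `ast`-based triage helper for listing the `mark_safe()` call sites whose argument is built by string interpolation, which are the ones worth converting. The tag functions, the attacker label and the sample `templatetags` module are constructed for illustration; Django's real helpers are used when Django is importable, otherwise a stand-in with the same escaping semantics is defined so the example runs offline.

```python
"""Added example (not AMY project code): why a mark_safe() call wrapping an
interpolated string is an XSS sink, the format_html() form that is safe, and
an ast-based triage helper for finding the risky call sites during review."""
import ast
import html

try:
    # Real Django helpers when Django is importable (no settings needed).
    from django.utils.html import conditional_escape, format_html
    from django.utils.safestring import mark_safe
except ImportError:
    # Constructed stand-in with the same semantics so the example runs offline.
    class SafeString(str):
        """Marker: content is trusted HTML and must not be escaped again."""

    def mark_safe(s):
        return SafeString(s)

    def conditional_escape(value):
        if isinstance(value, SafeString):
            return value
        return SafeString(html.escape(str(value), quote=True))

    def format_html(fmt, *args, **kwargs):
        return mark_safe(fmt.format(
            *(conditional_escape(a) for a in args),
            **{k: conditional_escape(v) for k, v in kwargs.items()}))


# Constructed untrusted input, e.g. a display name entered by a registrant.
ATTACKER_LABEL = '<img src=x onerror="alert(1)">'


def badge_unsafe(label, css_class="badge"):
    """Hypothetical template tag: interpolates first, marks safe afterwards,
    so whatever was in `label` reaches the browser unescaped."""
    return mark_safe('<span class="{}">{}</span>'.format(css_class, label))


def badge_safe(label, css_class="badge"):
    """Same tag with format_html(): every argument is escaped unless it is
    already a SafeString, and the markup literal is the only trusted part."""
    return format_html('<span class="{}">{}</span>', css_class, label)


def risky_mark_safe_calls(source):
    """Triage helper: (line, reason) for each mark_safe() call whose argument
    is built by interpolation (f-string, % formatting or str.format()).
    Those are the call sites worth converting to format_html(); a call on a
    plain string literal is left alone. Assumes the call is spelled
    mark_safe(...) or <module>.mark_safe(...)."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call) or not node.args:
            continue
        func = node.func
        name = func.id if isinstance(func, ast.Name) else getattr(func, "attr", None)
        if name != "mark_safe":
            continue
        arg = node.args[0]
        if isinstance(arg, ast.JoinedStr):
            findings.append((node.lineno, "f-string"))
        elif isinstance(arg, ast.BinOp) and isinstance(arg.op, ast.Mod):
            findings.append((node.lineno, "% formatting"))
        elif (isinstance(arg, ast.Call) and isinstance(arg.func, ast.Attribute)
              and arg.func.attr == "format"):
            findings.append((node.lineno, "str.format()"))
    return sorted(findings)


# Constructed sample of a templatetags module, not AMY's own source.
SAMPLE_TEMPLATETAGS = '''\
from django.utils.safestring import mark_safe
from django.utils.html import format_html

def badge(label):
    return mark_safe('<span class="badge">%s</span>' % label)

def link(url, text):
    return mark_safe(f'<a href="{url}">{text}</a>')

def icon(name):
    return mark_safe('<i class="fa fa-{}"></i>'.format(name))

def fixed_badge(label):
    return format_html('<span class="badge">{}</span>', label)

RULE = mark_safe('<hr>')
'''

if __name__ == "__main__":
    print("unsafe:", badge_unsafe(ATTACKER_LABEL))
    print("safe:  ", badge_safe(ATTACKER_LABEL))
    for line, reason in risky_mark_safe_calls(SAMPLE_TEMPLATETAGS):
        print(f"line {line}: mark_safe() over {reason}")
```

Run against a real `templatetags` package (for example by reading each module's source into `risky_mark_safe_calls`), the helper gives a first list of call sites to inspect; a `mark_safe()` on a fixed literal such as `RULE` above is fine, while a result that already came through `format_html()` or `conditional_escape()` can be passed into another `format_html()` call without being escaped twice.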