
Fix security vulnerabilities: XSS, hyperlink validation, and Ghostscript hardening

Open garland3 opened this issue 2 months ago • 0 comments

This PR addresses multiple security issues:

  • Issue #218: XSS vulnerability in inline scripts - Fixed by escaping tags in JavaScript code.
  • Issue #219: Unsafe hyperlink validation - Fixed by enforcing allowlist of safe URI schemes.
  • Issue #220: Ghostscript subprocess hardening - Fixed by using absolute paths and ensuring -dSAFER flag.

Changes include:

  • Modified toyplot/html.py to escape script closing tags.
  • Updated toyplot/require.py hyperlink function with scheme validation.
  • Hardened toyplot/reportlab/png.py Ghostscript invocation.
  • Added unit tests for security fixes.
  • Updated CI to run security tests.

garland3 · Sep 28 '25 01:09
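The three measures the PR lists, written out as a constructed example that is not toyplot's own code and does not reproduce its diff: escaping the script closing tag inside inline JavaScript, allowlisting hyperlink schemes, and building a Ghostscript argv with an absolute executable path and `-dSAFER`. The names `SAFE_SCHEMES`, `escape_inline_script`, `is_safe_hyperlink`, `validate_hyperlink` and `ghostscript_command` are hypothetical, as is the exact set of allowed schemes; the real helpers in `toyplot/html.py`, `toyplot/require.py` and `toyplot/reportlab/png.py` may differ.

```python
import os
import re
import shutil
from urllib.parse import urlsplit

# Constructed example (not toyplot's own code) of the three hardening measures
# the PR describes. All helper names below are hypothetical.

# 1. Inline <script> content. The HTML parser ends a <script> element at the
# first "</script" it sees, regardless of JavaScript string quoting, so any
# data embedded in the script must not contain that sequence verbatim.
_SCRIPT_CLOSE = re.compile(r"</(script)", re.IGNORECASE)


def escape_inline_script(js: str) -> str:
    """Rewrite '</script' as '<\\/script'. Inside a JS string literal '\\/'
    still evaluates to '/', so the program is unchanged, but the HTML parser
    no longer sees a closing tag."""
    return _SCRIPT_CLOSE.sub(r"<\\/\1", js)


# 2. Hyperlink validation: an allowlist of schemes; the empty scheme means a
# relative URL. Anything else (javascript:, data:, vbscript:, ...) is refused.
SAFE_SCHEMES = frozenset({"", "http", "https", "mailto", "ftp"})  # assumed set


def is_safe_hyperlink(uri: str) -> bool:
    # Browsers strip tab/newline before parsing the scheme, so refuse control
    # characters outright instead of trying to normalise them away.
    if any(ord(ch) < 0x20 for ch in uri):
        return False
    return urlsplit(uri).scheme.lower() in SAFE_SCHEMES


def validate_hyperlink(uri: str) -> str:
    """Return the URI unchanged if its scheme is allowlisted, else raise."""
    if not is_safe_hyperlink(uri):
        raise ValueError("hyperlink scheme not in allowlist: %r" % uri)
    return uri


# 3. Ghostscript invocation: absolute executable path, -dSAFER always present,
# an argv list (never a shell string), and file arguments that cannot be
# mistaken for switches.
def ghostscript_command(input_path, output_path, dpi=96, executable=None):
    """Build the argv for rendering input_path to a PNG at output_path."""
    if executable is None:
        executable = shutil.which("gs")
        if executable is None:
            raise RuntimeError("Ghostscript ('gs') not found on PATH")
    if not os.path.isabs(executable):
        raise ValueError("Ghostscript executable must be an absolute path")
    for path in (input_path, output_path):
        if path.startswith("-"):  # gs would parse it as a command-line switch
            raise ValueError("file path must not begin with '-': %r" % path)
    return [
        executable,
        "-dSAFER",  # restrict file access from the interpreted input
        "-dBATCH",
        "-dNOPAUSE",
        "-sDEVICE=png16m",
        "-r%d" % dpi,
        "-sOutputFile=%s" % output_path,
        input_path,
    ]


if __name__ == "__main__":
    print(escape_inline_script('var label = "</script>";'))
    print(is_safe_hyperlink("https://example.com"), is_safe_hyperlink("javascript:void(0)"))
    try:
        print(ghostscript_command("figure.pdf", "figure.png"))
    except RuntimeError as exc:
        print(exc)
```

The argv returned by `ghostscript_command` is meant to be passed straight to `subprocess.run(cmd, check=True)` with the default `shell=False`, so no quoting of the paths is needed and the `-dSAFER` flag cannot be dropped or overridden by a caller-supplied string.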