
Add html sanitization enhancement for email message #694

Open
wants to merge 5 commits into base: main

Conversation

gaobinlong (Collaborator) commented Jun 26, 2023

Description

The main change of this PR is to add an html sanitization enhancement for sending html format email messages; there are three main settings for this enhancement:

  • opensearch.notifications.core.email.enable_html_sanitization, defaults to true
  • opensearch.notifications.core.email.html_sanitization_allow_list, defaults to ["blocks_group", "formatting_group", "images_group", "links_group", "styles_group", "tables_group"]
  • opensearch.notifications.core.email.html_sanitization_deny_list, defaults to []

When enable_html_sanitization is set to true and an email with html format is sent, the content of the email will be sanitized by the html sanitizer according to html_sanitization_allow_list and html_sanitization_deny_list. Notice that html_sanitization_deny_list only takes effect when html_sanitization_allow_list is not empty.

Issues Resolved

#586

Check List

  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

codecov bot commented Jun 26, 2023

Codecov Report

Merging #694 (83b9df2) into main (52eaba6) will increase coverage by 0.82%.
The diff coverage is 76.99%.

❗ Current head 83b9df2 differs from pull request most recent head 64c185c. Consider uploading reports for the commit 64c185c to get more accurate results

@@             Coverage Diff              @@
##               main     #694      +/-   ##
============================================
+ Coverage     61.84%   62.66%   +0.82%     
- Complexity      114      144      +30     
============================================
  Files            73       73              
  Lines          2495     2601     +106     
  Branches        266      283      +17     
============================================
+ Hits           1543     1630      +87     
- Misses          775      789      +14     
- Partials        177      182       +5     
Flag                       Coverage Δ
opensearch-notifications   62.66% <76.99%> (+0.82%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files                                          Coverage Δ
...ensearch/notifications/spi/model/MessageContent.kt   0.00% <0.00%> (ø)
...rch/notifications/core/client/EmailMimeProvider.kt   71.13% <72.41%> (+1.13%) ⬆️
...earch/notifications/core/setting/PluginSettings.kt   81.00% <90.00%> (+1.60%) ⬆️

... and 1 file with indirect coverage changes

gaobinlong (Collaborator, Author) commented Jun 26, 2023

By testing with the alerting plugin, using a message in html format, here are some test results.
The original message is:

"\n" +
"<h1>Test sending HTML email body</h1>\n" +
"<p>Hello OpenSearch.</p>\n" +
"<script>\n" +
"document.getElementById(\"demo\").innerHTML = \"Test script for html sanitization\";\n" +
"</script>\n" +
"<a href=\"https://a.com/x\">\n" +
"Test link for html sanitization\n" +
"</a>\n" +
"<iframe src=\"test iframe url\" title=\"Test iframe for html sanitization\">\n" +
"</iframe>\n" +
"<img src=\"x.jpg\" alt=\"Test image for html sanitization\">\n"
  1. When html sanitization is disabled, the received email contains all of the original html tags:
     (screenshot of the received email)
  2. When html sanitization is enabled, and the allow list is set to ["h1", "p"], the received email only contains the allowed html tags:
     (screenshot of the received email)
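The following is an added example, not code from this PR or from the opensearch-notifications plugin (which is written in Kotlin). It reproduces, in Python, the semantics the PR description gives for the three settings (sanitization off passes the body through; the deny list is only subtracted when the allow list is non-empty) and runs them over the test message from the comment above. The expansion of group names such as blocks_group into concrete tags, the per-tag attribute whitelist, the URL scheme check and the rule that script/iframe bodies are discarded rather than unwrapped are all assumptions of the example, not details taken from the plugin.

```python
import html
from html.parser import HTMLParser

# Assumed expansion of the group names from the PR's default allow list into
# concrete tags; the plugin's real group contents are not on the page.
TAG_GROUPS = {
    "blocks_group": {"p", "div", "h1", "h2", "h3", "h4", "h5", "h6",
                     "ul", "ol", "li", "blockquote", "br"},
    "formatting_group": {"b", "i", "strong", "em", "u", "s", "sub", "sup", "code", "pre"},
    "images_group": {"img"},
    "links_group": {"a"},
    "styles_group": {"span"},
    "tables_group": {"table", "thead", "tbody", "tr", "td", "th"},
}
# Attributes retained per tag (assumed); everything else, including on*
# event handlers, is dropped.
SAFE_ATTRS = {"a": {"href", "title"}, "img": {"src", "alt", "title"}}
# Elements whose inner text is code or embedded content rather than message
# text: the element and everything inside it is discarded.
CONTENT_DROP = {"script", "style", "iframe", "object", "embed"}
SAFE_SCHEMES = ("http://", "https://", "mailto:")
VOID = {"img", "br", "hr"}

# Default allow list as stated in the PR description.
DEFAULT_ALLOW_LIST = ["blocks_group", "formatting_group", "images_group",
                      "links_group", "styles_group", "tables_group"]

# Constructed copy of the test message from the comment above.
SAMPLE = (
    "\n"
    "<h1>Test sending HTML email body</h1>\n"
    "<p>Hello OpenSearch.</p>\n"
    "<script>\n"
    'document.getElementById("demo").innerHTML = "Test script for html sanitization";\n'
    "</script>\n"
    '<a href="https://a.com/x">\n'
    "Test link for html sanitization\n"
    "</a>\n"
    '<iframe src="test iframe url" title="Test iframe for html sanitization">\n'
    "</iframe>\n"
    '<img src="x.jpg" alt="Test image for html sanitization">\n'
)


def expand(entries):
    """Turn group names and/or bare tag names into a set of lower-case tags."""
    tags = set()
    for entry in entries:
        tags |= TAG_GROUPS.get(entry, {entry.lower()})
    return tags


class Sanitizer(HTMLParser):
    """Rebuilds the document keeping only allowed tags and safe attributes."""

    def __init__(self, allowed):
        super().__init__(convert_charrefs=True)
        self.allowed = allowed
        self.out = []
        self.drop_depth = 0  # > 0 while inside a CONTENT_DROP element

    def handle_starttag(self, tag, attrs):
        if tag in CONTENT_DROP:
            self.drop_depth += 1
            return
        if self.drop_depth or tag not in self.allowed:
            return  # a disallowed tag is stripped; its text is kept
        kept = []
        for name, value in attrs:
            if name not in SAFE_ATTRS.get(tag, set()) or value is None:
                continue
            if name in ("href", "src") and not value.strip().lower().startswith(SAFE_SCHEMES):
                continue  # refuse javascript:, data: and scheme-less URLs
            kept.append(f' {name}="{html.escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in CONTENT_DROP:
            self.drop_depth = max(0, self.drop_depth - 1)
            return
        if not self.drop_depth and tag in self.allowed and tag not in VOID:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.drop_depth:
            self.out.append(html.escape(data, quote=False))


def sanitize(message, enabled=True, allow_list=(), deny_list=()):
    """Apply the three settings from the PR description to an HTML email body."""
    if not enabled:
        return message  # enable_html_sanitization=false: body is sent untouched
    allowed = expand(allow_list)
    if allowed:
        # The deny list only takes effect when the allow list is non-empty.
        allowed -= expand(deny_list)
    parser = Sanitizer(allowed)
    parser.feed(message)
    parser.close()
    return "".join(parser.out)


if __name__ == "__main__":
    print(sanitize(SAMPLE, allow_list=["h1", "p"]))
```

With the allow list ["h1", "p"] the result keeps only the heading and paragraph, the link text survives without its anchor, and the script and iframe bodies disappear entirely, which matches the second screenshot described above. Note that this example refuses scheme-less URLs such as the sample's x.jpg even when images are allowed; whether the plugin's sanitizer does the same is not stated on the page.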
