
fix: State descriptions can have HTML in them, mark them safe #6384

Merged: rjsparks merged 1 commit into ietf-tools:main from larseggert:fix-state-desc, Sep 26, 2023

@larseggert
Collaborator

No description provided.

@codecov

codecov Bot commented Sep 26, 2023

Codecov Report

Merging #6384 (23df286) into main (32bb4ef) will increase coverage by 0.00%.
Report is 38 commits behind head on main.
The diff coverage is 88.00%.

@@           Coverage Diff           @@
##             main    #6384   +/-   ##
=======================================
  Coverage   88.69%   88.69%           
=======================================
  Files         290      290           
  Lines       40390    40421   +31     
=======================================
+ Hits        35823    35852   +29     
- Misses       4567     4569    +2     
Files Coverage Δ
ietf/doc/models.py 88.98% <100.00%> (ø)
ietf/doc/utils.py 87.38% <100.00%> (+0.23%) ⬆️
ietf/doc/views_review.py 95.16% <100.00%> (+0.20%) ⬆️
ietf/doc/views_search.py 89.49% <100.00%> (+0.20%) ⬆️
ietf/help/views.py 63.63% <ø> (+8.46%) ⬆️
ietf/ipr/feeds.py 93.33% <100.00%> (+0.22%) ⬆️
ietf/ipr/models.py 88.95% <ø> (ø)
ietf/ipr/sitemaps.py 100.00% <100.00%> (ø)
ietf/liaisons/forms.py 91.40% <100.00%> (+0.26%) ⬆️
ietf/review/models.py 91.97% <100.00%> (+0.05%) ⬆️
... and 4 more

... and 4 files with indirect coverage changes

@rjsparks
Member

While this may be better in the short run, it moves us further away from the right place to be.

State descriptions (and DocEvent descriptions) should NOT have html in them. If we want this stuff to be marked up, we should use a safer markup language (limited markdown perhaps). Or we should stop trying to mark it up.

@rjsparks
Member

To be clear, since state descriptions can only be provided by code or by someone with admin access, we can take this PR, but we really need to squeeze these pockets of html fragments out of the database.

@rjsparks rjsparks merged commit 5db70b2 into ietf-tools:main Sep 26, 2023
@larseggert larseggert deleted the fix-state-desc branch September 26, 2023 13:11
@github-actions github-actions Bot locked as resolved and limited conversation to collaborators Sep 30, 2023
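
The two follow-ups raised in the review comments (finding stored HTML fragments, and rendering descriptions through a limited markup instead of marking raw HTML safe), as an added example that is not code from this PR or from the ietf-tools project. The function names, the sample descriptions and the chosen subset (bold, emphasis, http(s) links) are assumptions made for illustration.

```python
import html
import re

# Constructed sample rows (not real database content): state slug -> description.
SAMPLE_DESCRIPTIONS = {
    "pub-req": 'See the <a href="/help/state/">state help</a> page.',
    "lc": "In Last Call &amp; awaiting comments.",
    "approved": "**Approved** per [RFC 2026](https://www.rfc-editor.org/rfc/rfc2026).",
}

# Anything that looks like a tag or a character entity counts as an HTML fragment.
HTML_FRAGMENT = re.compile(r"</?[A-Za-z][^>]*>|&#?\w+;")

def find_html_fragments(descriptions):
    """Audit step: map each slug to the HTML fragments its description holds."""
    hits = {}
    for slug, text in descriptions.items():
        found = HTML_FRAGMENT.findall(text)
        if found:
            hits[slug] = found
    return hits

# '*' is excluded from link text and URL so emphasis can never split a tag.
LINK = re.compile(r"\[([^\]*]+)\]\((https?://[^\s)*]+)\)")
BOLD = re.compile(r"\*\*(.+?)\*\*")
EMPHASIS = re.compile(r"\*(.+?)\*")

def render_limited_markdown(text):
    """Escape all input first, then emit only <a>, <strong> and <em>."""
    out = html.escape(text, quote=True)  # stored HTML becomes inert text
    out = LINK.sub(r'<a href="\2">\1</a>', out)  # http(s) targets only
    out = BOLD.sub(r"<strong>\1</strong>", out)
    return EMPHASIS.sub(r"<em>\1</em>", out)

if __name__ == "__main__":
    for slug, fragments in find_html_fragments(SAMPLE_DESCRIPTIONS).items():
        print(f"{slug}: still contains {fragments}")
    for slug, text in SAMPLE_DESCRIPTIONS.items():
        print(f"{slug}: {render_limited_markdown(text)}")
```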