Merge pull request from GHSA-ccm4-vgcc-73hp
* Tighten allowed HTML in oEmbed-based preview cards
* Sanitize preview cards at render time
* Add `sandbox` attribute to preview card iframes
Add hardened headers to user-uploaded files (#25756)
Add canonical link tags in web UI (#25715)
Add button to see results for polls in web UI (#25726)
Fix OAuth apps page crashing when listing apps with certain admin API scopes (#25713)
Fix re-activated accounts being deleted by AccountDeletionWorker (#25711)
fix read more button overlapping thread line bug (#25706)
Fix forgotten unconfirmed_email migration file (#25702)
Fix local live feeds does not expand (#25694)
Change labels of live feeds tabs in web UI (#25683)
Fix `/api/v2/search` not working with following query param (#25681)
Fix regression of icon button colors in web UI (#25679)
Change button colors to increase hover/focus contrast and consistency (#25677)
Add users index on unconfirmed_email (#25672)
Add superapp index on `oauth_applications` (#25670)
Fix inefficient query when requesting a new confirmation email from a logged-in account (#25669)
Revert "Rails 7 update" (#25667)
Prevent duplicate concurrent calls of `/api/*/instance` in web UI (#25663)
Change dropdown icon above compose form from ellipsis to bars in web UI (#25661)