Channel: FeedBunch:1e6b6e435faf51521354cbc7a76fc4ab51fefefa commits

Use Rails helper strip_tags to remove potentially dangerous tags from url,...

Use Rails helper strip_tags to remove potentially dangerous tags from url, fetch_url and title attributes of Feed model. Those three attributes are entered by the user, and therefore cannot be trusted. We want to sanitize them removing any dangerous markup or scripts: in particular those three attributes should always contain plain text (URLs and the feed title), never HTML markup.

With this commit a Rails helper is used to strip tags; before this the Sanitize gem was used. The problem with the Sanitize gem is that it assumes it operates on HTML markup and it HTML-encodes any reserved characters, forcing us to do an unencodeHTML afterwards; this can cause problems with some URLs. For example this URL: http://www.drwindows.de/external.php?do=rss&type=newcontent&sectionid=1&days=120&count=10 the "&sectionid" part is problematic, because "&sect" is the url-encoding of the § character. The encoding-unencoding code gets confused and the output is a different URL which no longer points to the feed.

The fix is not to treat as HTML during sanitization of attributes that do not contain HTML (most importantly, URLs). The strip_tags helper outputs plain text without ever HTML-encoding the strings. This fixes a bug in which the above sample URL could not be subscribed by FeedBunch.

Pending: extend this change to other models (e.g. entry URLs). Move to the new Subscriber class the code that sanitizes HTML fragments (e.g. entry bodies). Remove any configurations for the Sanitize gem that are no longer used, if any.
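The failure mode the commit describes, as an added illustration that is not FeedBunch code: `sanitize_like_roundtrip` is a constructed stand-in for an HTML-aware sanitizer (lenient entity decoding, re-encoding, then the app's unencode step), not the Sanitize gem itself, and `strip_tags_plain` is a minimal tag stripper that never touches entities, standing in for the Rails helper. The `LEGACY_ENTITIES` table is an assumed subset of the named entities HTML parsers decode even without a trailing semicolon.

```ruby
require 'cgi'

# Sample URL taken from the commit message: "&sectionid" starts with "&sect",
# which HTML parsers read as the legacy entity for "§" (semicolon optional).
SAMPLE_URL = 'http://www.drwindows.de/external.php?do=rss&type=newcontent&sectionid=1&days=120&count=10'

# Assumed subset of legacy named entities that parsers decode without ";".
LEGACY_ENTITIES = { 'sect' => "\u00A7", 'copy' => "\u00A9", 'amp' => '&' }.freeze

# Decode entities the way a lenient HTML parser would, with ";" optional.
def html_decode_lenient(text)
  text.gsub(/&(sect|copy|amp);?/) { LEGACY_ENTITIES[Regexp.last_match(1)] }
end

# Models the old pipeline: treat the value as HTML (parser decodes entities),
# HTML-encode reserved characters on output, then the app unencodes again.
# The "&sect" in the query string is lost as soon as the parser runs.
def sanitize_like_roundtrip(text)
  decoded = html_decode_lenient(text)
  encoded = CGI.escapeHTML(decoded)
  CGI.unescapeHTML(encoded)
end

# Models the new approach: drop any <...> tags, leave all other bytes alone.
# No entity decoding, no encoding, so a URL round-trips unchanged.
def strip_tags_plain(text)
  text.gsub(/<[^>]*>/, '')
end

if __FILE__ == $PROGRAM_NAME
  puts "original:      #{SAMPLE_URL}"
  puts "html roundtrip: #{sanitize_like_roundtrip(SAMPLE_URL)}"
  puts "strip_tags:     #{strip_tags_plain(SAMPLE_URL)}"
  puts "title:          #{strip_tags_plain('<b>Daily</b> News')}"
end
```

The HTML-aware round trip turns `&sectionid=1` into `§ionid=1`, so the stored URL no longer matches the feed, while plain tag stripping returns the URL byte for byte and still removes markup from a title.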
