Closed
Labels: security (Issues that generally impact library security)
Description
Currently, the content of the tooltip directive is being set using the innerHTML property, as seen here:

cps-shared-ui/projects/cps-ui-kit/src/lib/directives/cps-tooltip/cps-tooltip.directive.ts, line 153 in 66a0f62:

```ts
popupContent.innerHTML = this.tooltip || 'Add your text to this tooltip';
```
However, this approach does not sanitize the content, which means that malicious code could potentially be injected as tooltip content. Example with a JavaScript alert:

```html
<button cpsTooltip="<style onload='alert(`Hello!`);' />">Hello alert</button>
```
While tooltips are typically defined statically in templates, and use cases involving user-provided content are rare, such scenarios may become more common as additional projects begin to adopt this library.
Therefore, the tooltip content should be properly sanitized before being assigned via the innerHTML property.
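As an added example (not code from the issue or from cps-ui-kit), the block below puts the reported innerHTML sink next to two hardened variants, written without Angular so it runs under plain Node/TypeScript. The `TooltipPopup` stand-in, the `renderTooltip*` names and `sanitizeTooltipHtml` are illustrative assumptions, not the directive's API. In the real directive the equivalent fixes are to assign `textContent` instead of `innerHTML`, or to run the string through Angular's `DomSanitizer.sanitize(SecurityContext.HTML, value)` before assignment.

```typescript
// Added example, not cps-ui-kit code. `TooltipPopup` is a stand-in for the DOM
// element the directive writes into: it only records what was assigned and does
// not parse or execute anything, so the example runs outside a browser.
interface TooltipPopup {
  innerHTML: string;   // a browser parses this as markup; on* handlers in it fire
  textContent: string; // inert text: never parsed as markup
}

// Payload quoted in the issue report (constructed sample input).
const PAYLOAD = "<style onload='alert(`Hello!`);' />";
const DEFAULT_TEXT = 'Add your text to this tooltip';

// Before: the pattern the issue reports. Whatever markup `tooltip` carries is live.
function renderTooltipUnsafe(popup: TooltipPopup, tooltip: string | undefined): void {
  popup.innerHTML = tooltip || DEFAULT_TEXT;
}

// Fix 1: a tooltip is text, so assign text. Nothing is parsed, no handler can fire.
function renderTooltipText(popup: TooltipPopup, tooltip: string | undefined): void {
  popup.textContent = tooltip || DEFAULT_TEXT;
}

// Fix 2 (escape-then-allowlist): if light formatting must be supported, escape
// every HTML metacharacter first, then restore only exact, attribute-free tags
// from a fixed list. The restored strings have no attribute position, so an
// on* handler, a javascript: URL or a <style>/<script> element cannot get through.
const ESCAPES: Record<string, string> = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

function escapeHtml(s: string): string {
  // Single pass over all five characters, so an input containing "&lt;" cannot
  // masquerade as an already-escaped tag.
  return s.replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

const ALLOWED_TAGS = ['b', 'i', 'em', 'strong', 'br'] as const;

function sanitizeTooltipHtml(raw: string): string {
  let out = escapeHtml(raw);
  for (const tag of ALLOWED_TAGS) {
    // Only the exact forms <tag>, </tag> and <tag/> are restored; "<b onclick=..."
    // does not match and stays escaped.
    out = out
      .split(`&lt;${tag}&gt;`).join(`<${tag}>`)
      .split(`&lt;/${tag}&gt;`).join(`</${tag}>`)
      .split(`&lt;${tag}/&gt;`).join(`<${tag}/>`);
  }
  return out;
}

function renderTooltipSanitized(popup: TooltipPopup, tooltip: string | undefined): void {
  popup.innerHTML = sanitizeTooltipHtml(tooltip || DEFAULT_TEXT);
}

// Regression check usable in a unit test: after removing the allowlisted tags,
// any remaining '<' or '>' means untrusted markup reached the innerHTML sink.
function containsLiveMarkup(html: string): boolean {
  const stripped = ALLOWED_TAGS.reduce(
    (acc, tag) => acc.replace(new RegExp(`</?${tag}/?>`, 'g'), ''),
    html,
  );
  return /[<>]/.test(stripped);
}

// Stand-alone demonstration.
const popup: TooltipPopup = { innerHTML: '', textContent: '' };
renderTooltipUnsafe(popup, PAYLOAD);
console.log('unsafe sink live markup:', containsLiveMarkup(popup.innerHTML));      // true
renderTooltipSanitized(popup, PAYLOAD);
console.log('sanitized sink live markup:', containsLiveMarkup(popup.innerHTML));   // false
renderTooltipText(popup, PAYLOAD);
console.log('textContent holds the literal string:', popup.textContent === PAYLOAD); // true
```

The escape-then-allowlist approach is deliberately narrow: it supports only bare tags, so `<br />` with a space or `<b class="x">` stays escaped and is shown literally rather than rendered. For anything richer, use the framework's sanitizer rather than extending this list.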