publish: sanitise markdown snippets in preview

Runs the snippet through ReactMarkdown instead of rendering it as text.
We restrict the allowed nodes in the render to pure text, so the snippet is not
overly visually heavy.

pkg/interface/publish/src/js/components/lib/notebook-posts.js

@@ -71,7 +71,10 @@ export class NotebookPosts extends Component {
             </div>
             <p className="mb1"
             style={{overflowWrap: "break-word"}}>
-              {note.snippet}
+              <ReactMarkdown
+                unwrapDisallowed
+                allowedTypes={['text', 'root', 'break', 'paragraph']}
+                source={note.snippet} />
             </p>
             <div className="flex">
               <div className={(contact.nickname ? null : "mono") +