Ensure inner html is escaped when bolding.

Fixes #12033

app/src/main/java/org/thoughtcrime/securesms/util/HtmlUtil.java

@@ -1,9 +1,11 @@
 package org.thoughtcrime.securesms.util;
 
+import android.text.Html;
+
 import androidx.annotation.NonNull;
 
 public class HtmlUtil {
   public static @NonNull String bold(@NonNull String target) {
-    return "<b>" + target + "</b>";
+    return "<b>" + Html.escapeHtml(target) + "</b>";
   }
 }