Allow markdown or similar in patch descriptions and instructions

[pingdynasty]

But don't allow anything potentially spammy or malicious: images, cross-domain links, js

[antisvin]

This looks like a nice client side renderer for MD that can be configured to support only safe features: https://github.com/markdown-it/markdown-it#manage-rules