fix(chore): use cloneNode for toast and pagination icon templates

[karim-semmoud]

Summary

Replaces innerHTML read/write for author-controlled icon templates in toast and pagination with cloneNode(true), reducing unnecessary XSS surface and matching patterns used elsewhere in Corex (combobox, tags-input, file-upload).

Changes

assets/lib/util.ts

• Add cloneTemplateChildren/2 to clone template child nodes into a target element and skip redundant re-clones when the template id is unchanged.

assets/components/toast.ts

• Close and loading icons clone from [data-close-icon-template] and [data-loading-icon-template] instead of copying HTML strings.
• Fallback close label (×) unchanged when no close template is provided.

assets/components/pagination.ts

• Ellipsis items clone from [data-pagination-ellipsis-template] instead of ellipsisTemplate.innerHTML.
• Default ellipsis remains … when no template is present.

Tests

• assets/test/lib/util.test.ts: cloneTemplateChildren unit tests
• assets/test/component/toast.test.ts: close + loading icon cloning
• assets/test/component/pagination.test.ts: ellipsis template cloning

Test plan

• npm test
• E2e: toast with custom <:close> / <:loading> slots renders icons correctly
• E2e: pagination with custom <:ellipsis> slot renders ellipsis markup correctly
• Rebuild priv/static assets