Collapsible commit info improperly renders commit.titleHtml

  1. Create a commit with & (or < or >) in the title.
  2. Navigate to the repository browser.
  3. Resize below sm breakpoint (I use mobile device emulation in Chrome).
  4. Click "⋯" button to reveal the full commit title.
  5. Note that entities are shown as-is.
  6. Do it again but include a reference to an issue, like #1.
  7. Have another look — it gets worse!


app/assets/javascripts/repository/components/collapsible_commit_info.vue L132 uses {{ commit.titleHtml }} — we should use v-safe-html to interpret the HTML here. (It's produced by the backend and is very safe for use with v-safe-html.)
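As an added example (not the component's or GitLab's own code), the script below models the two rendering paths the report contrasts: what the backend produces for `titleHtml`, what `{{ }}` text interpolation displays, and what a sanitizing directive displays. The project path and the tag allowlist are assumptions.

```javascript
// Added illustration, not GitLab's code: why `{{ commit.titleHtml }}` shows the
// backend's already-escaped HTML literally, and what a sanitizing directive
// such as v-safe-html does instead. Project path and allowlist are assumptions.

const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;' };
const DECODE = { amp: '&', lt: '<', gt: '>', quot: '"' };

function escapeHtml(raw) {
  return raw.replace(/[&<>"]/g, (c) => ENTITIES[c]);
}

function decodeEntities(s) {
  return s.replace(/&(amp|lt|gt|quot);/g, (_, name) => DECODE[name]);
}

// Model of the backend: escape the raw title, then turn "#N" into an issue link.
function backendTitleHtml(rawTitle, projectPath) {
  return escapeHtml(rawTitle).replace(
    /#(\d+)/g,
    (_, n) => `<a href="${projectPath}/-/issues/${n}">#${n}</a>`,
  );
}

// The bug: text interpolation sets textContent, so the browser shows the
// string verbatim. "&amp;" and the "<a ...>" markup end up visible.
function mustacheDisplay(titleHtml) {
  return titleHtml;
}

// The fix, in miniature: keep only allow-listed tags and decode the text
// between them. Only <a> with a root-relative href passes; any other tag (even
// a harmless <b>) is rejected. Real v-safe-html uses DOMPurify, which strips
// disallowed markup instead of throwing.
const ALLOWED_TAG = /^<a href="\/[^"\s]*">$|^<\/a>$/;

function safeHtmlDisplay(titleHtml) {
  return titleHtml
    .split(/(<[^>]*>)/)
    .map((tok) => {
      if (tok.startsWith('<')) {
        if (!ALLOWED_TAG.test(tok)) throw new Error(`disallowed markup: ${tok}`);
        return ''; // rendered as an element; contributes no visible text
      }
      if (tok.includes('<')) throw new Error('unterminated tag');
      return decodeEntities(tok);
    })
    .join('');
}
```

Running `backendTitleHtml('Fix <b> & co, see #1', '/gitlab-org/gitlab')` through both displays reproduces steps 5 and 7: the mustache path shows the entities and the link markup as text, the sanitizing path shows `Fix <b> & co, see #1` with a real link.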
