
Update RedCloth gem to v4.3.3

What does this MR do and why?

Attempt to remove the RedCloth gem

Monkey patch RedCloth to include the CVE fix.

The RedCloth gem has a CVE, flagged by bundler-audit, and it doesn't have an updated release.

I've searched the code for RedCloth and didn't find any references.

Update RedCloth gem version to include CVE fix

RedCloth is currently used inside the GitLab Markup gem (https://gitlab.com/gitlab-org/gitlab-markup/-/blob/master/lib/github/markups.rb?ref_type=heads#L7).

Reproduction: https://gitlab.com/digitalmoksha/bug-reproduction/-/blob/master/README.textile

Changelog: security

Some context

The RedCloth gem isn't used via RedCloth.new or RedCloth::, but it can still be used through calls to t, which is an alias for textilize. RedCloth also includes ERB::Util (ref: https://github.com/jgarber/redcloth/blob/master/lib/redcloth.rb#L40-L45), so while it is loaded, methods like h and html_escape_once can be called without including ERB::Util explicitly.

RedCloth also requires its own redcloth/erb_extension, which creates a method alias t that can be called without referencing RedCloth at all, which makes its usage difficult to find.

Plan forward

  • Try to include ERB::Util, like RedCloth does, then run CI and see whether it reveals usage of RedCloth
  • Fix all CI failures, which are the places that may need ERB::Util for methods like h and html_escape_once.
  • Get a GitLab core team review on whether this gem is really used, before adding ERB::Util everywhere needed
  • NOT APPLICABLE for this MR: Continue searching for t as the alias for the RedCloth textilize method.
  • NOT APPLICABLE for this MR: Keep RedCloth and add a monkey patch with the CVE fix
  • Update RedCloth gem to v4.3.3
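
As an added illustration (not code from this MR or from RedCloth) of the hidden dependency the plan above is chasing: a helper that calls h without including ERB::Util only works while another library has mixed ERB::Util into scope, whereas one that extends ERB::Util itself keeps working after RedCloth is removed. The names textilize and t are assumed from the description; html_escape_once is added by Rails rather than plain ERB::Util, so this stand-alone script reports it as missing.

```ruby
require 'erb'

# Helpers the MR says code may be reaching through ERB::Util. Plain ERB::Util
# only ships h/html_escape; html_escape_once comes from Rails' ActiveSupport,
# so it shows up as missing when this script runs outside Rails.
EXPECTED_HELPERS = %i[h html_escape_once].freeze

# Names that redcloth/erb_extension adds to ERB::Util (assumed from the MR
# description: t is an alias for textilize).
REDCLOTH_ALIASES = %i[textilize t].freeze

# Before: a helper that never includes ERB::Util. It only works while some
# other library (such as RedCloth) has mixed ERB::Util into scope.
module ImplicitHelper
  def self.render(text)
    h(text) # NoMethodError once nothing else provides h
  end
end

# After: the helper declares the dependency itself, so dropping RedCloth
# does not change its behaviour.
module ExplicitHelper
  extend ERB::Util

  def self.render(text)
    h(text)
  end
end

# Splits EXPECTED_HELPERS into [reachable, missing] for the given module.
# Private methods count because ERB::Util marks h as module_function.
def helper_report(mod)
  EXPECTED_HELPERS.partition { |name| mod.respond_to?(name, true) }
end

# True when RedCloth's erb extension has been loaded into this process,
# i.e. when textilize and t are defined on ERB::Util.
def redcloth_aliases_present?
  REDCLOTH_ALIASES.all? do |name|
    ERB::Util.method_defined?(name) || ERB::Util.private_method_defined?(name)
  end
end

# True if the implicit helper breaks in a process where RedCloth is absent.
def implicit_helper_fails?
  ImplicitHelper.render('<b>')
  false
rescue NameError
  true
end
```

Running helper_report against each module that CI flags gives the list of places that need an explicit include before the gem can go.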

Screenshots or screen recordings

Not applicable

How to set up and validate locally

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Helio Cola
