Sanitizer doesn't catch non-focusable element with on attribute for missing role & tabindex #1507

@westonruter

Create a post with the content containing:

<span on="tap:AMP.setState({clicked: !clicked})">Click Here</span>

When viewing the post on the frontend, the plugin's sanitizer doesn't complain at all about this. The AMP validator, however, does complain:

image

Generally the plugin removes markup that is invalid rather than supply markup that is missing. But I'm curious why the plugin's sanitizer isn't removing the elements entirely when they lack the required attributes. Otherwise, the AMP plugin could add the missing tabindex and role attributes for such elements.

The reason why this isn't currently caught by the sanitizer may be because the rule is not captured in protoascii but rather it could be an ad hoc rule.
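
The missing check described in this issue, sketched as an added example (not code from the AMP plugin or from the issue author). The function name and the list of natively focusable elements are assumptions made for illustration; the sample markup is constructed from the span in the report.

```php
<?php
// Hypothetical helper, not part of the AMP plugin.
// Assumption: these elements are treated as natively focusable by this check.
const NATIVELY_FOCUSABLE = ['a', 'button', 'input', 'select', 'textarea'];

/**
 * Returns one finding per element whose `on` attribute registers a tap
 * action but which lacks the role and/or tabindex attribute.
 */
function find_tap_targets_missing_attrs(string $html): array
{
    $dom = new DOMDocument();
    $previous = libxml_use_internal_errors(true); // tolerate fragment input
    $dom->loadHTML('<html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    $findings = [];
    $xpath = new DOMXPath($dom);
    foreach ($xpath->query('//*[@on]') as $el) {
        // An `on` value holds event:action pairs separated by semicolons.
        if (!preg_match('/(^|;)\s*tap\s*:/i', $el->getAttribute('on'))) {
            continue;
        }
        if (in_array(strtolower($el->nodeName), NATIVELY_FOCUSABLE, true)) {
            continue;
        }
        $missing = [];
        foreach (['role', 'tabindex'] as $attr) {
            if (!$el->hasAttribute($attr)) {
                $missing[] = $attr;
            }
        }
        if ($missing) {
            $findings[] = ['tag' => $el->nodeName, 'missing' => $missing];
        }
    }
    return $findings;
}

// Constructed sample: the span from the issue plus two elements that should pass.
$sample = '<span on="tap:AMP.setState({clicked: !clicked})">Click Here</span>'
    . '<span role="button" tabindex="0" on="tap:AMP.setState({clicked: !clicked})">OK</span>'
    . '<button on="tap:AMP.setState({clicked: !clicked})">OK</button>';

foreach (find_tap_targets_missing_attrs($sample) as $f) {
    printf("<%s> missing: %s\n", $f['tag'], implode(', ', $f['missing']));
}
```

A sanitizer could use such findings either to remove the element or to add the missing attributes, the two options the issue raises.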
