Add noreferrer and ugc to links

[PierreMesure]

🎩 What? Why?

To discourage spam bots from using Decidim platforms to promote their websites and gain SEO juice.

The following keywords have been added to the personal URL of profile pages and links in the body of personal messages, comments, debates...

• noreferrer (source), which instructs the browser not to pass the URL of the Decidim platform as a referrer to the opened URL. This will effectively prevent a spammer from tracking how much traffic they get from adding their link to the platform.
• ugc (source), which stands for user-generated content and is a new keyword introduced by Google a few years ago to replace nofollow which was too general.

As this article explains, Google introduced ugc in 2019 but the way they interpret it is still evolving and they still have to deal with a legacy of websites only using nofollow to qualify all unapproved content (as Decidim does today). So adding the keyword is a way to make Decidim compatible with it already now and gives search engines a thinner way to characterise user-generated content on it.

An important remark is that the link_renderer that this PR modifies is only used in very few cases (the main ones being comments and private messages) so there are many examples of user-generated content that will not benefit of that change. A few examples are:

• the body of a proposal if the rich editor is enabled
• the body of a debate if the rich editor is enabled
• the body of a user-created meeting

It would be interesting to refactor this helper so it can be applied more easily to all type of user-generated content.

📌 Related Issues

• Related to #8779, #5651

Testing

Just check a link on a user profile, in a comment or a proposal for the presence of rel="nofollow noopener noreferrer ugc"

📋 Checklist

🚨 Please review the guidelines for contributing to this repository.

• ❓ CONSIDER adding a unit test if your PR resolves an issue.
• ✔️ DO check open PR's to avoid duplicates.
• ✔️ DO keep pull requests small so they can be easily reviewed.
• ✔️ DO build locally before pushing.
• ✔️ DO make sure tests pass.
• ✔️ DO make sure any new changes are documented in docs/.
• ✔️ DO add and modify seeds if necessary.
• ✔️ DO add CHANGELOG upgrade notes if required.
• ✔️ DO add to GraphQL API if there are new public fields.
• ✔️ DO add link to MetaDecidim if it's a new feature.
• ❌AVOID breaking the continuous integration build.
• ❌AVOID making significant changes to the overall architecture.

📷 Screenshots

No visual changes

♥️ Thank you!

[ahukkanen]

LGTM, good improvement!

[andreslucena]

Can you please backport to v0.26-stable 🙏🏽? Thanks

[andreslucena]

Can you please backport to v0.26-stable 🙏🏽? Thanks

No need to do it anymore, I already opened the backport at #9078, as I want to clean the 'backport pending' backlog so we can publish v0.26.1

Thanks for the PR @PierreMesure!!

[PierreMesure]

Great, thank you!