fix: restore compact JS placeholders in session export template

[martenzi]

Fixes #49957

The session export template at src/auto-reply/reply/export-html/template.html had its JS placeholders reformatted into multi-line blocks. This prevented the .replace() calls in the export logic from finding and injecting the vendored JS, resulting in empty exports in the browser.

This PR restores the single-line format.

[greptile-apps]

Greptile Summary

This PR is a targeted bug fix that restores the single-line {{PLACEHOLDER}} format for JS injection placeholders in src/auto-reply/reply/export-html/template.html, which had been accidentally reformatted into multi-line blocks (e.g., { { MARKED_JS; } }) in a previous commit.

The fix is correct: the injection logic in commands-export-session.ts uses exact-string .replace("{{MARKED_JS}}", ...), .replace("{{HIGHLIGHT_JS}}", ...), and .replace("{{JS}}", ...) calls that require the placeholders to appear as compact single-line tokens. The reformatted multi-line versions would never match, leaving blank <script> blocks and broken exports in the browser.

• Restores {{MARKED_JS}}, {{HIGHLIGHT_JS}}, and {{JS}} to their expected single-line forms in template.html
• No logic changes; purely a template formatting correction
• Matches the expectations of both the production export code (commands-export-session.ts) and the security test suite (template.security.test.ts)

Confidence Score: 5/5

• This PR is safe to merge — it is a minimal, correct restoration of broken template placeholders with no logic changes.
• The change is a one-to-one restoration of known-good placeholder strings. The .replace() call sites in commands-export-session.ts and the security test suite both confirm the expected {{PLACEHOLDER}} format. No new behaviour is introduced and no other files are touched.
• No files require special attention.

_{Last reviewed commit: "fix(export): restore..."}

[vincentkoc]

Thanks for the fix here. This path is now covered by #41861, which landed the canonical export HTML placeholder repair with regression coverage. Closing this PR as superseded so we keep one landed implementation and preserve contributor credit in the cluster record.