in user profiles, restrict visibility of links for new users

[cellio]

Fixes #1500.

sanitize only accepts an allow list, so I couldn't express "allow anything we normally do, except a". I instead blocked all attributes, so the href doesn't work and thus the a doesn't render. There might be a more elegant way to do this; writing a custom sanitizer seemed like overkill and I didn't figure out anything else from Rails doc.

This strips links if the viewer is not logged in and the profile user does not have "participate everywhere". Note for testing: in a new dev environment users come in with that ability by default, so remember to suspend it for your test user.

Screenshots:

1. Logged-out view of account in good standing:

2. Logged-out view of restricted account:

3. Logged-in view of restricted account (account in good standing is unchanged):

[cellio]

I think this is ready now. After the initial commit, I applied the same criteria to the web site link (if present) -- we just don't show the field at all in this case, rather than trying to do something to indicate that it's there but hidden. I also added a not-very-pretty notice to the edit page, and would welcome improvements from people who grok CSS better than I do.

[ArtOfCode-]

This is a really smart way of doing this. Admittedly I haven't sat for hours thinking about this, but when the topic has come up before now I haven't come up with an easy way to go about it - this is ideal! Thanks!