
Security: add DOMPurify to any document write methods #670

@helms-charity

Description


Aikido.dev says:

Using document write methods can lead to XSS attacks (high) in cards-testimonial.js, cc-hero-slider.js and 10 others
When innerHTML is set from variables (newContent, panelHTML, goBackContent) sourced from DOM/dataset/contentMap with no shown sanitization, this is a real DOM XSS risk.

We already have DOMPurify for editor-support.js; we should be able to extend this to all our block functions without breaking anything.
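One way to roll DOMPurify out to every block, added here as an example and not code from this repository: a single `setSafeHTML` helper replaces every direct `innerHTML` assignment, so each block gets the same sanitizer configuration and there is one place to review. The helper assumes DOMPurify is loaded as the global `DOMPurify` (as it already is for editor-support.js) and fails closed when it is not: the string is rendered as plain text through `textContent` rather than written unsanitized. The `renderPanel` block, `contentMap` lookup and the `PURIFY_CONFIG` choices are assumptions for illustration; `USE_PROFILES`, `FORBID_TAGS` and `FORBID_ATTR` are real DOMPurify options.

```javascript
// Added example (not the project's own code). One helper that every block
// calls instead of assigning element.innerHTML directly.

// Sanitizer configuration (assumed for this example): plain HTML only, no
// SVG/MathML namespaces, and no inline styles or forms in block content.
const PURIFY_CONFIG = {
  USE_PROFILES: { html: true },
  FORBID_TAGS: ['style', 'form'],
  FORBID_ATTR: ['style'],
};

// Resolve the global DOMPurify the page loads for editor-support.js.
// Returns null when it is missing so callers can fail closed.
function getPurifier() {
  const p = globalThis.DOMPurify;
  return p && typeof p.sanitize === 'function' ? p : null;
}

/**
 * Write `dirty` into `el`. With a sanitizer available the cleaned markup is
 * assigned to innerHTML; without one the input is written as text via
 * textContent so the browser never parses it as HTML.
 * Returns which path was taken and the string actually written.
 */
function setSafeHTML(el, dirty, purifier = getPurifier()) {
  const input = dirty == null ? '' : String(dirty);
  if (purifier) {
    const clean = purifier.sanitize(input, PURIFY_CONFIG);
    el.innerHTML = clean;
    return { mode: 'sanitized', written: clean };
  }
  el.textContent = input; // fail closed: markup stays inert
  return { mode: 'text', written: input };
}

// The pattern the scanner flags: a string taken from a dataset/contentMap
// (hypothetical block) goes straight into innerHTML with no sanitization.
function renderPanelUnsafe(panel, contentMap, key) {
  panel.innerHTML = contentMap[key];
}

// The same block after the change: the only write goes through the helper.
function renderPanel(panel, contentMap, key) {
  const panelHTML = contentMap[key];
  return setSafeHTML(panel, panelHTML);
}
```

Where a block only ever shows plain text (a testimonial author name, a slide caption), prefer `textContent` outright; reserve `setSafeHTML` for values that genuinely carry markup, and keep `PURIFY_CONFIG` as strict as the blocks' own markup allows.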
