fix(markdown-preview): disable raw HTML rendering in preview

Issue
- Markdown preview used rehype-raw, which interprets raw HTML from document content.
- For untrusted markdown (user files, copied LLM output), this could allow script-capable HTML payloads to execute in preview.

Change
- Removed rehypeRaw from MarkdownPreview.
- Kept rehype-katex enabled so math rendering still works.
- Result: raw HTML is no longer interpreted as DOM; it is treated as markdown text.

Reproduction (before fix)
1. Open/create any .md file in the code editor.
2. Add: <iframe srcdoc="<script>parent.alert('xss')</script>"></iframe>
3. Toggle Markdown Preview.
4. Observe script execution (alert) in vulnerable behavior.

Expected after fix
- The same payload does not execute; raw HTML is not rendered as active DOM.

Validation
- npm run typecheck (passes).
Haileyesus
2026-02-23 11:16:20 +03:00
parent 2ec1a72485
commit 7685144b0c
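The commit message above describes the risk: with rehype-raw enabled, raw HTML inside untrusted markdown becomes live DOM. As an added example that is not part of this commit or the project, the following dependency-free check scans untrusted markdown for raw HTML that would become active content under rehype-raw, skipping fenced and inline code where markdown already renders text literally; the element and attribute lists it treats as "active" are my own assumptions, and the sample input is constructed.

```javascript
// Added example, not the project's code: a dependency-free pre-render check for
// untrusted markdown. It reports raw HTML that rehype-raw would turn into live
// DOM, skipping fenced and inline code, which markdown renders literally.

// Elements that can run script or alter document behaviour, inline event
// handlers (onclick=, onload=), and URL attributes using javascript:/data:.
const ACTIVE_TAG = /<\s*(script|iframe|object|embed|svg|math|base|meta|link|form)\b/gi;
const EVENT_ATTR = /\son[a-z]+\s*=/gi;
const SCRIPT_URL = /(?:href|src|srcdoc|action|formaction)\s*=\s*["']?\s*(?:javascript|data):/gi;

// Overwrite fenced blocks (three backticks or ~~~) and inline code with spaces,
// keeping newlines so reported line numbers still refer to the original text.
function blankOutCode(markdown) {
  const fence = /(^|\n)(`{3}|~{3})[^\n]*\n[\s\S]*?\n\2[ \t]*(?=\n|$)/g;
  const inline = /`+[^`\n]*`+/g;
  const blank = (m) => m.replace(/[^\n]/g, ' ');
  return markdown.replace(fence, blank).replace(inline, blank);
}

// Returns findings { kind, match, line } for every hit outside code spans.
function findActiveHtml(markdown) {
  const text = blankOutCode(markdown);
  const checks = [['tag', ACTIVE_TAG], ['event-handler', EVENT_ATTR], ['script-url', SCRIPT_URL]];
  const findings = [];
  for (const [kind, re] of checks) {
    re.lastIndex = 0;
    let m;
    while ((m = re.exec(text)) !== null) {
      const line = text.slice(0, m.index).split('\n').length;
      findings.push({ kind, match: m[0].trim(), line });
    }
  }
  return findings.sort((a, b) => a.line - b.line);
}

// Constructed sample: the commit's reproduction payload inside a fenced block
// (harmless) and as raw markdown (flagged), plus a link with an inline handler.
const SAMPLE_MARKDOWN = [
  '# Notes',
  '',
  'Inline code is safe: `<script>alert(1)</script>`',
  '',
  '~~~html',
  '<iframe srcdoc="<script>parent.alert(\'xss\')</script>"></iframe>',
  '~~~',
  '',
  '<iframe srcdoc="<script>parent.alert(\'xss\')</script>"></iframe>',
  '',
  '<a href="javascript:alert(1)" onclick="x()">click</a>',
].join('\n');
```

Running `findActiveHtml(SAMPLE_MARKDOWN)` reports the raw iframe on line 9 and the handler and javascript: URL on line 11, while the identical payload inside the fenced block on line 6 is not reported.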

@@ -2,7 +2,6 @@ import { useMemo } from 'react';
import type { Components } from 'react-markdown';
import ReactMarkdown from 'react-markdown';
import rehypeKatex from 'rehype-katex';
import rehypeRaw from 'rehype-raw';
import remarkGfm from 'remark-gfm';
import remarkMath from 'remark-math';
import MarkdownCodeBlock from './MarkdownCodeBlock';
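Review bot: Dropping the `import rehypeRaw from 'rehype-raw'` line is the right companion to the plugin-list change, but this hunk touches only the component, so `rehype-raw` presumably remains in package.json; consider removing the dependency too so it cannot be quietly re-imported elsewhere, and let the typecheck mentioned in the message confirm nothing else still references it.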
@@ -39,7 +38,7 @@ const markdownPreviewComponents: Components = {
export default function MarkdownPreview({ content }: MarkdownPreviewProps) {
const remarkPlugins = useMemo(() => [remarkGfm, remarkMath], []);
const rehypePlugins = useMemo(() => [rehypeRaw, rehypeKatex], []);
const rehypePlugins = useMemo(() => [rehypeKatex], []);
return (
<ReactMarkdown
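Review bot: The new `const rehypePlugins = useMemo(() => [rehypeKatex], []);` carries no comment explaining why `rehypeRaw` was removed, so a future contributor handling a "my HTML does not render in preview" report is likely to add it back; suggest a one-line comment at that memo stating that raw HTML is intentionally not interpreted because preview content is untrusted, plus a regression test that renders the `<iframe srcdoc=...>` payload from the commit message through `MarkdownPreview` and asserts that no `iframe` or `script` element appears in the output.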