fix(ui): multiple fixes of sync fork UI (#7740)

Followup to https://codeberg.org/forgejo/forgejo/pulls/2364
Replaces https://codeberg.org/forgejo/forgejo/pulls/7666

Fix multiple issues with the original implementation:
* `SyncFork` web handler used `{branch}` as a parameter, so it failed for branches with `/` in names
    * Originally I switched it to use `*` like other branch web handlers, but I found that it was easier to move it out from URL to POST request values
* Security: `SyncFork` web handler was using GET method, so just visiting the link was enough to execute the action
    * It was switched to POST done via form with CSRF, which also allowed to put branch name in it's values
* Security: in template, branch name was not escaped but rendered with `SafeHTML`, allowing for rendering fun characters like `&` and for script execution. Also the link was not escaped correctly and would be leading to 404
    * To avoid having to change all translations, only the branch name+link part was changed and is now escaped with `HTMLFormat` before being passed to TrN

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7740
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Co-committed-by: 0ko <0ko@noreply.codeberg.org>

routers/web/web.go

@@ -1593,7 +1593,7 @@ func registerRoutes(m *web.Route) {
 		}
 		m.Get("/commit/{sha:([a-f0-9]{4,64})}.{ext:patch|diff}", repo.MustBeNotEmpty, reqRepoCodeReader, repo.RawDiff)
 
-		m.Get("/sync_fork/{branch}", context.RepoMustNotBeArchived(), repo.MustBeNotEmpty, reqRepoCodeWriter, repo.SyncFork)
+		m.Post("/sync_fork", context.RepoMustNotBeArchived(), repo.MustBeNotEmpty, reqRepoCodeWriter, repo.SyncFork)
 	}, ignSignIn, context.RepoAssignment, context.UnitTypes())
 
 	m.Post("/{username}/{reponame}/lastcommit/*", ignSignInAndCsrf, context.RepoAssignment, context.UnitTypes(), context.RepoRefByType(context.RepoRefCommit), reqRepoCodeReader, repo.LastCommit)