Commit f66a20d3 authored by Chris Müller, committed by Richard Haeser

[TASK] Add rel="noreferrer" to external links of widgets

Clicking on external links (with target="_blank") in RSS widgets and buttons
of Dashboard widgets can leak the referrer of the linked page. This is mostly
not wanted because it reveals the URL of the TYPO3 backend. Additionally, the
other page can access the "window.opener" property, which exposes security
issues. Also if the other page is running a lot of JavaScript, the performance
of the TYPO3 backend may also suffer, because the other page may run on the
same process as the TYPO3 backend.

To mitigate this behaviour rel="noreferrer" is added to external links
in the according widgets.

"noreferrer" also implies the "noopener" behaviour, so this is sufficient.

See also:
- https://html.spec.whatwg.org/multipage/links.html#link-type-noreferrer
- https://developers.google.com/web/tools/lighthouse/audits/noopener

Resolves: #91290
Releases: master
Change-Id: Ie53b543e39bc716a5437d9a7364691de3ec7346f
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64401


Reviewed-by: Josef Glatz <josefglatz@gmail.com>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Richard Haeser <richard@maxserv.com>
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Josef Glatz <josefglatz@gmail.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Richard Haeser <richard@maxserv.com>
parent da6bd978
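
A template lint for the condition the commit message describes, as an added example that is not part of the TYPO3 change: it flags target="_blank" anchors whose rel lacks "noreferrer" (a bare "noopener" still sends the Referer header) and rewrites them. The function names and the sample markup are constructed for illustration, and the regex handles quoted attribute values only.

```javascript
// Added example (not TYPO3 code): audit and harden target="_blank" anchors.
// Regex-based so it runs in plain Node without a DOM; suitable for linting
// widget templates, not a general HTML parser.
const ANCHOR = /<a(?=[\s>])[^>]*>/gi;

// Value of a quoted attribute in an opening tag, or null when absent.
function getAttr(tag, name) {
  const m = new RegExp(`\\s${name}\\s*=\\s*("([^"]*)"|'([^']*)')`, 'i').exec(tag);
  return m ? (m[2] !== undefined ? m[2] : m[3]) : null;
}

// Unsafe: opens a new browsing context without rel containing "noreferrer".
// "noreferrer" implies "noopener"; "noopener" alone still leaks the referrer.
function isUnsafe(tag) {
  const target = getAttr(tag, 'target');
  if (target === null || target.toLowerCase() !== '_blank') return false;
  const rel = (getAttr(tag, 'rel') || '').toLowerCase().split(/\s+/).filter(Boolean);
  return !rel.includes('noreferrer');
}

function findUnsafeLinks(html) {
  return (html.match(ANCHOR) || []).filter(isUnsafe);
}

// Add "noreferrer", keeping any rel tokens that are already present.
function hardenLinks(html) {
  return html.replace(ANCHOR, (tag) => {
    if (!isUnsafe(tag)) return tag;
    if (getAttr(tag, 'rel') === null) {
      return tag.replace(/\s*\/?>$/, ' rel="noreferrer">');
    }
    return tag.replace(/(\srel\s*=\s*)("[^"]*"|'[^']*')/i, (_, pre, val) => {
      const tokens = val.slice(1, -1).trim();
      return `${pre}${val[0]}${tokens ? tokens + ' ' : ''}noreferrer${val[0]}`;
    });
  });
}

// Constructed sample markup, not taken from the TYPO3 widgets.
const SAMPLE = [
  '<a href="https://example.org/feed/1" target="_blank">RSS item</a>',
  '<a href="https://example.org/docs" target="_blank" rel="noopener">Docs</a>',
  '<a href="https://example.org/ok" target="_blank" rel="noreferrer">OK</a>',
  '<a href="/typo3/module">Internal</a>',
].join('\n');

console.log(findUnsafeLinks(SAMPLE));
console.log(hardenLinks(SAMPLE));
```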