DEV: Don't interpret user field names as HTML (#18317)

This isn't a security bug, because only admins can create user fields
and we have to trust admins, because they can change themes, which are
shown site-wide and can contain unrestricted JS.

app/assets/javascripts/discourse/app/templates/components/user-fields/confirm.hbs

@@ -1,6 +1,6 @@
 {{#if this.field.name}}
   <label class="control-label">
-    {{html-safe this.field.name}} {{#if this.field.required}}<span class="required">*</span>{{/if}}
+    {{this.field.name}} {{#if this.field.required}}<span class="required">*</span>{{/if}}
   </label>
 {{/if}}
 

app/assets/javascripts/discourse/app/templates/components/user-fields/dropdown.hbs

@@ -1,5 +1,5 @@
 <label class="control-label" for={{concat "user-" this.elementId}}>
-  {{html-safe this.field.name}}
+  {{this.field.name}}
   {{#if this.field.required}}
     <span class="required">*</span>
   {{/if}}

app/assets/javascripts/discourse/app/templates/components/user-fields/multiselect.hbs

@@ -1,5 +1,5 @@
 <label class="control-label" for={{concat "user-" this.elementId}}>
-  {{html-safe this.field.name}}
+  {{this.field.name}}
   {{#if this.field.required}}
     <span class="required">*</span>
   {{/if}}

app/assets/javascripts/discourse/app/templates/components/user-fields/text.hbs

@@ -1,5 +1,5 @@
 <label class="control-label" for={{concat "user-" this.elementId}}>
-  {{html-safe this.field.name}}
+  {{this.field.name}}
   {{#if this.field.required}}<span class="required">*</span>{{/if}}
 </label>
 <div class="controls">