fix(hanko): use markdown media type for profile modal

[markdumay]

Hugo v0.162.0 added the security.allowContent policy, which denies the text/html content media type by default as XSS hardening (see the v0.162.0 release notes). This module ships its profile modal as an HTML content page (content/_modals/profile.html), so every site consuming it fails to build on Hugo ≥ 0.162:

access denied: "text/html" is not whitelisted in policy "security.allowContent"
  allowContent = ['! ^text/html$']

Fix

Rename content/_modals/profile.html → content/_modals/profile.md (no content change). A .md page declares the text/markdown media type, which is whitelisted. The {{< ModalProfile >}} shortcode output still passes through verbatim — shortcode placeholders are substituted after Goldmark, so they are not subject to markup.goldmark.renderer.unsafe. This mirrors how mod-flexsearch already handles its search modal (a text/markdown content adapter wrapping {{< ModalSearch >}}).

Verification

Tested against infusal/app on Hugo v0.162.1 using a Hugo module replace pointing at this branch:

• Before: build fails with the allowContent error above.
• After: build succeeds (472 pages); the profile modal renders verbatim into all pages (<div id="profile-modal" class="modal fade profile-modal" …><hanko-profile></div>), with 0 <p>-wrapping, 0 escaped/stripped HTML, and no standalone /_modals/profile page leaked (the render: never cascade is respected). Rendered output is identical to the previous .html version.

The module's own exampleSite build (pre-commit npm test) also passes.

🤖 Generated with Claude Code

[markdumay]

🎉 This PR is included in version 2.2.2 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀