Adds sanitize to conversation messages

[pmcneill]

Conversation messages rely on the output-side rendering to escape any malicious HTML. This adds a sanitize_field call to the body property to clean up the saved data and ensure that API-provided messages are safe as well.

Test plan

• Open browser developer tools network panel
• Send a conversation message to someone and verify it's received
• In Chrome, copy the request out as a cURL command. Edit the message in the JSON to include some HTML with an onClick event.
• Invoke the cURL command to send another message
• Verify that the HTML was stripped

[CLAassistant]

All committers have signed the CLA.