fix(suggest-path): apply iterative HTML tag stripping to prevent incomplete sanitization

Address GitHub Advanced Security finding (code-scanning/995, /996)
by looping stripHtmlTags until stable, preventing nested tag patterns
like `<scr<script>ipt>` from surviving a single-pass replace.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

apps/app/src/features/suggest-path/server/services/retrieve-search-candidates.ts

@@ -15,7 +15,13 @@ export type RetrieveSearchCandidatesOptions = {
 };
 
 function stripHtmlTags(html: string): string {
-  return html.replace(/<[^>]*>/g, '');
+  let previous: string;
+  let result = html;
+  do {
+    previous = result;
+    result = result.replace(/<[^>]*>/g, '');
+  } while (result !== previous);
+  return result;
 }
 
 function extractSnippet(item: SearchResultItem): string {