feat: sanitize campaign step html

[saurabhhhcodes]

Closes #407

What changed

• Sanitized email step HTML in SequenceStepSerializer and campaign builder payload handling.
• Strip script/iframe/object/embed/style nodes before saving, while preserving a safe formatting subset for rich email copy.
• Added direct serializer tests and API round-trip tests for create/update paths.
• Added bleach to backend requirements.
• Restored the campaign task import block so the campaign test module can load, and added a migration merge to resolve the existing campaigns migration split.

Validation

• python3 -m py_compile backend/campaigns/tasks.py backend/campaigns/serializers.py backend/campaigns/tests.py backend/campaigns/models.py backend/campaigns/views.py backend/campaigns/migrations/0010_merge_0009_campaign_cached_counters_0009_campaignlead_bounce_metadata.py backend/campaigns/migrations/0011_campaignlead_activity_timestamps.py
• python3 backend/manage.py test campaigns.tests.SequenceStepSanitizationTests campaigns.tests.CampaignWorkflowTests.test_email_webhook_persists_bounce_metadata -v 2
• git diff --check

[coderabbitai]

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 62c09fc4-802e-4f95-af5b-6ebe399b2578

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}