Fix JS SyntaxError breaking tabs, textarea scrolling, and XSS escaping

Bug fixes:
- ticket.js: Remove duplicate const textarea declaration inside showMentionSuggestions()
  (was redeclaring a parameter, causing SyntaxError that broke all tab switching)
- ticket.css: Add overflow:hidden + resize:none to disabled textarea so description
  shows full height without internal scrollbar (page scrolls instead)
- ticket.js: Trigger height recalculation when entering edit mode on description

XSS/escaping fixes:
- TicketView.php: htmlspecialchars() on description textarea content (closes </textarea> injection risk)
- TicketView.php: htmlspecialchars() on ticket status and workflow transition status strings
- DashboardView.php: htmlspecialchars() on $cat/$type in input value= attributes
- RecurringTicketsView.php: htmlspecialchars() on composed schedule string

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-20 20:34:55 -04:00
parent 7695c6134c
commit 31aa7d1b81
5 changed files with 12 additions and 9 deletions


@@ -584,6 +584,8 @@ textarea.editable {
background: var(--bg-secondary);
cursor: default;
border-color: transparent;
overflow: hidden;
resize: none;
}
/* Button Styles */
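Review bot: With `overflow: hidden;` added to this rule, any description taller than the textarea's computed height is clipped with no way to scroll to it, so the disabled state relies on the height already matching the content. The only sizing visible in this commit runs inside toggleEditMode(); please confirm the same auto/scrollHeight sizing also runs on initial render, or drop `overflow: hidden;` so a scrollbar remains as a fallback when the script has not run.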


@@ -86,6 +86,8 @@ function toggleEditMode() {
// Enable description (textarea)
if (descriptionField) {
descriptionField.disabled = false;
descriptionField.style.height = 'auto';
descriptionField.style.height = descriptionField.scrollHeight + 'px';
}
// Enable metadata fields (priority, category, type)
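Review bot: The resize in toggleEditMode() (`descriptionField.style.height = descriptionField.scrollHeight + 'px';`) runs once, at the moment the field is enabled, so text typed afterwards will not grow the box unless an input handler elsewhere repeats the same two lines. Suggest moving the auto/scrollHeight pair into a small helper and calling it from every place that needs it, so the sizing logic does not drift between copies.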
@@ -1036,7 +1038,6 @@ function showMentionSuggestions(query, textarea) {
mentionAutocomplete.innerHTML = html;
mentionAutocomplete.classList.add('active');
const textarea = document.getElementById('newComment');
if (textarea) textarea.setAttribute('aria-expanded', 'true');
selectedMentionIndex = 0;
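Review bot: With the inner `const textarea = document.getElementById('newComment');` removed, `aria-expanded` is now set on whatever element the caller passes as the `textarea` parameter rather than always on #newComment; check that every call site of showMentionSuggestions(query, textarea) passes the comment box, and keep the `if (textarea)` guard for callers that pass nothing. Separately, the context line `mentionAutocomplete.innerHTML = html;` is untouched here, but since this commit is an escaping pass it is worth confirming that the values used to build `html` are HTML-escaped before the assignment.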