Fix JS SyntaxError breaking tabs, textarea scrolling, and XSS escaping

Bug fixes:
- ticket.js: Remove duplicate const textarea declaration inside showMentionSuggestions()
  (was redeclaring a parameter, causing SyntaxError that broke all tab switching)
- ticket.css: Add overflow:hidden + resize:none to disabled textarea so description
  shows full height without internal scrollbar (page scrolls instead)
- ticket.js: Trigger height recalculation when entering edit mode on description

XSS/escaping fixes:
- TicketView.php: htmlspecialchars() on description textarea content (closes </textarea> injection risk)
- TicketView.php: htmlspecialchars() on ticket status and workflow transition status strings
- DashboardView.php: htmlspecialchars() on $cat/$type in input value= attributes
- RecurringTicketsView.php: htmlspecialchars() on composed schedule string

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

views/TicketView.php

@@ -246,14 +246,14 @@ $nonce = SecurityHeadersMiddleware::getNonce();
                         <div class="header-controls">
                             <div class="status-priority-group">
                                 <select id="statusSelect" class="editable status-select status-<?php echo str_replace(' ', '-', strtolower($ticket["status"])); ?>" data-field="status" data-action="update-ticket-status" aria-label="Change ticket status">
-                                    <option value="<?php echo $ticket['status']; ?>" selected>
-                                        <?php echo $ticket['status']; ?> (current)
+                                    <option value="<?php echo htmlspecialchars($ticket['status']); ?>" selected>
+                                        <?php echo htmlspecialchars($ticket['status']); ?> (current)
                                     </option>
                                     <?php foreach ($allowedTransitions as $transition): ?>
-                                        <option value="<?php echo $transition['to_status']; ?>"
+                                        <option value="<?php echo htmlspecialchars($transition['to_status']); ?>"
                                             data-requires-comment="<?php echo $transition['requires_comment'] ? '1' : '0'; ?>"
                                             data-requires-admin="<?php echo $transition['requires_admin'] ? '1' : '0'; ?>">
-                                            <?php echo $transition['to_status']; ?>
+                                            <?php echo htmlspecialchars($transition['to_status']); ?>
                                             <?php if ($transition['requires_comment']): ?> *<?php endif; ?>
                                             <?php if ($transition['requires_admin']): ?> (Admin)<?php endif; ?>
                                         </option>
@@ -295,7 +295,7 @@ $nonce = SecurityHeadersMiddleware::getNonce();
                         <div class="ascii-subsection-header">Description</div>
                         <div class="detail-group full-width">
                             <label>Description</label>
-                            <textarea class="editable" data-field="description" disabled><?php echo $ticket["description"]; ?></textarea>
+                            <textarea class="editable" data-field="description" disabled><?php echo htmlspecialchars($ticket["description"] ?? ''); ?></textarea>
                         </div>
                     </div>