Use TrustedTypes when setting innerHTML #401

Open
@nolanlawson

We set innerHTML here:

// `htmlString` is static markup authored in this codebase, never user-supplied data
const template = document.createElement('template')
template.innerHTML = htmlString

This string is inherently safe because it's authored in this codebase and does not include any user-supplied data. However, if a server has a Trusted Types CSP policy, it would throw an error here.

One strategy Lit uses is to set their own custom TrustedTypes policy: lit/lit#1772

I'm a little hesitant to do this though until the API gains wider browser adoption. It's been Chromium-only for years, and the standards positions from WebKit/Firefox seem inconclusive: WebKit/standards-positions#186 mozilla/standards-positions#20
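The Lit-style approach referenced above, written out as an added example (not code from this project or from Lit): a pass-through Trusted Types policy is created only when the browser exposes the API, and only static library-authored markup is routed through it. The policy name `static-template-html` is hypothetical and must be listed in the site's `trusted-types` CSP directive; browsers without the API accept plain strings, so the fallback returns the string unchanged.

```javascript
// Hypothetical policy name; a CSP using `trusted-types <names>` must allow it.
const POLICY_NAME = 'static-template-html'

// Returns an object whose createHTML() yields a value innerHTML will accept
// under `require-trusted-types-for 'script'`. The policy is a pass-through
// because the only strings sent to it are authored in this codebase; routing
// user-controlled data through it would defeat the point of Trusted Types.
// Create it once per page: registering the same name twice throws unless the
// CSP specifies 'allow-duplicates'.
function createStaticHtmlPolicy(tt = globalThis.trustedTypes) {
  if (!tt || typeof tt.createPolicy !== 'function') {
    // No Trusted Types support (Firefox/WebKit at the time of this issue):
    // innerHTML takes plain strings, so nothing needs wrapping.
    return { createHTML: (s) => s, enforced: false }
  }
  try {
    const policy = tt.createPolicy(POLICY_NAME, { createHTML: (s) => s })
    return { createHTML: (s) => policy.createHTML(s), enforced: true }
  } catch (e) {
    // createPolicy throws when the CSP does not allow this policy name;
    // fail loudly rather than silently falling back to an unwrapped string.
    throw new Error(`Trusted Types policy "${POLICY_NAME}" rejected by CSP: ${e.message}`)
  }
}

// Assigns a static template string via the policy. `template` is any object
// with an innerHTML property (a real <template> element in the browser).
function setTemplateHTML(template, htmlString, policy = createStaticHtmlPolicy()) {
  template.innerHTML = policy.createHTML(htmlString)
  return template
}
```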

Labels: enhancement (New feature or request)