Add apply_body_background config toggle and XSS fix #101

Merged
elasticsounds merged 1 commit into main from elasticsounds/kid-friendly-styleguide
Feb 20, 2026

Conversation

@elasticsounds
Contributor

Summary

Add apply_body_background boolean config option (default true) to control whether background colors extracted from content are applied to the page body. Thread through all rendering paths: packaging, API preview, and live preview. Also fixes XSS/CSS injection vulnerability where bgMatch[1] was interpolated without escapeAttr(). Includes Sri Lanka Grade 2 styleguide assets.

Changes

  • Add apply_body_background to AppConfig schema
  • Make background extraction conditional in renderPageHtml()
  • Fix CSS injection by wrapping with escapeAttr()
  • Thread config through packaging routes, services, and pipeline runners
  • Add UI toggle in onboarding wizard step 2 (Layout) under Advanced settings
  • Add UI toggle in Storyboard settings for runtime control
  • Add toggle to BookPreviewFrame and StoryboardSectionDetail for live preview

Test Plan

  • Verify typecheck passes ✓
  • Toggle off in onboarding — new book should have white body
  • Toggle on in onboarding — new book should apply styleguide backgrounds
  • In existing book storyboard settings, toggle to control preview backgrounds
  • Verify packaged output respects the toggle

Add apply_body_background boolean config option (default true) to control whether background colors extracted from content are applied to the page body. Thread through packaging, API preview, and live preview. Also fix XSS/CSS injection where bgMatch[1] was interpolated without escapeAttr(). Add Sri Lanka Grade 2 styleguide assets.
@elasticsounds elasticsounds merged commit 91e140f into main Feb 20, 2026
1 check passed
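
The class of bug the summary describes, as an added JavaScript example that is not taken from the PR or the project: a captured group placed into a quoted `style` attribute, first verbatim and then through an escaper and the config toggle. The regex, the `escapeAttr` body, the `renderPageHtmlUnescaped` and `bodyTag` names and the sample content are assumptions; only `renderPageHtml`, `bgMatch`, `escapeAttr` and `apply_body_background` come from the page.

```javascript
// Added illustration; not the project's code. The regex, the escapeAttr body
// and the sample content are assumptions; only the names renderPageHtml,
// bgMatch, escapeAttr and apply_body_background come from the PR text.

// Hypothetical attribute escaper: encodes characters that can end or alter
// a quoted HTML attribute value.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Assumed extraction pattern: first background declaration in the content.
const BG_PATTERN = /background(?:-color)?\s*:\s*([^;']+)/i;

// "Before" shape: the captured group goes into the attribute verbatim.
function renderPageHtmlUnescaped(content) {
  const bgMatch = content.match(BG_PATTERN);
  const style = bgMatch ? ` style="background: ${bgMatch[1]}"` : "";
  return `<body${style}>${content}</body>`;
}

// "After" shape: escaped capture, and skipped when the toggle is off.
function renderPageHtml(content, config = { apply_body_background: true }) {
  const bgMatch = config.apply_body_background ? content.match(BG_PATTERN) : null;
  const style = bgMatch ? ` style="background: ${escapeAttr(bgMatch[1].trim())}"` : "";
  return `<body${style}>${content}</body>`;
}

// Returns the opening <body ...> tag so the attribute boundary is easy to inspect.
function bodyTag(html) {
  return html.slice(0, html.indexOf(">") + 1);
}

// Constructed input: a double quote inside a single-quoted style attribute.
const SAMPLE = `<div style='background-color: #fff" data-injected="1'>Hi</div>`;

console.log(bodyTag(renderPageHtmlUnescaped(SAMPLE)));
console.log(bodyTag(renderPageHtml(SAMPLE)));
console.log(bodyTag(renderPageHtml(SAMPLE, { apply_body_background: false })));
```

Escaping keeps the captured text inside the attribute value; it does not make the value a valid colour, so a reviewer may also want the capture checked against an allow-list of colour formats before it is used.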