Add rel="noopener" to links with target="_blank"

When a user enables one of the user settings that causes external links
to open in new tabs, we should be adding rel="noopener" to the links as
well, for security reasons:
https://mathiasbynens.github.io/rel-noopener/

tildes/static/js/behaviors/external-links-new-tabs.js

@@ -6,6 +6,7 @@ $.onmount('[data-js-external-links-new-tabs]', function() {
     $(this).find('a').each(function() {
         if (this.host !== window.location.host) {
           $(this).attr('target', '_blank');
+          $(this).attr('rel', 'noopener');
         }
     });
 });

tildes/tildes/templates/macros/topics.jinja2

@@ -21,7 +21,10 @@
           {% elif topic.is_link_type %}
             <a
               href="{{ topic.link }}"
-              {% if request.user.open_new_tab_external %}target="_blank"{% endif %}
+              {% if request.user.open_new_tab_external %}
+                target="_blank"
+                rel="noopener"
+              {% endif %}
             >{{ topic.title }}</a>
           {% endif %}
         </h1>

tildes/tildes/templates/topic.jinja2

@@ -53,7 +53,10 @@
       <div class="topic-icon topic-icon-{{ topic.link_domain.replace('.', '_') }}"></div>
       <a
         href="{{ topic.link }}"
-        {% if request.user.open_new_tab_external %}target="_blank"{% endif %}
+        {% if request.user.open_new_tab_external %}
+          target="_blank"
+          rel="noopener"
+        {% endif %}
       >{{ topic.link }}</a>
     </div>