JiLiZART/BBob

Sanitize `file:` protocol in escapeHTML

Opened this issue · 0 comments

Besides data: and javascript:, which are well-known attack vectors for XSS, the file: protocol may also cause malicious behavior. I think it is rather safe (thus backward-compatible) to also escape it here:

```js
.replace(/(javascript|data|vbscript):/gi, '$1%3A');
```

The file: protocol may be relevant only for local use of BBob. Thus, for full backward-compatibility, we would need to add some flag to the options.
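As an added illustration of the change proposed above (this is not BBob's own code), a minimal escapeHTML-style helper that rewrites the scheme colon to `%3A` for `file:` as well, behind an assumed option named `allowFileProtocol` that keeps the old behaviour for local use; the function and option names are assumptions.

```javascript
// Added example, not BBob's code. Neutralises the URL schemes discussed in the
// issue by rewriting the colon after them to "%3A", so the value no longer
// parses as that protocol. "allowFileProtocol" is a hypothetical name for the
// options flag suggested in the issue; when set, file: is left untouched.
function escapeProtocols(value, options = {}) {
  const schemes = ['javascript', 'data', 'vbscript'];
  if (!options.allowFileProtocol) {
    schemes.push('file');
  }
  // Case-insensitive, global: "JavaScript:" and "FILE:" are matched too,
  // and "$1" keeps the original spelling of the scheme.
  const pattern = new RegExp(`(${schemes.join('|')}):`, 'gi');
  return String(value).replace(pattern, '$1%3A');
}

// Plain HTML entity escaping, applied before the scheme rewrite. None of the
// entities contain a colon, so the order does not change the result.
function escapeEntities(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#039;');
}

function escapeHTML(value, options = {}) {
  return escapeProtocols(escapeEntities(value), options);
}

// Constructed sample inputs (not from the issue):
// escapeHTML('file:///tmp/notes.txt')
//   -> 'file%3A///tmp/notes.txt'            (default: file: is escaped)
// escapeHTML('file:///tmp/notes.txt', { allowFileProtocol: true })
//   -> 'file:///tmp/notes.txt'              (opt-in local mode, old behaviour)
```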