
fix(security): replace innerHTML with textContent in close.js#16939

Merged
saghul merged 2 commits into jitsi:master from jeevaratnamputla:insecure-document-method
Feb 13, 2026

Conversation

@jeevaratnamputla

Summary
This PR replaces the use of .innerHTML with .textContent in the insertTextMsg function within static/close.js. This change mitigates a potential DOM-based Cross-Site Scripting (XSS) vulnerability.

Rationale
During a security review of the static assets, innerHTML was identified as a dangerous sink in insertTextMsg.

Current state: The function takes a message string and injects it directly into the DOM. While current usage (e.g., APP_NAME) involves trusted strings, this pattern is inherently insecure.

The Improvement: Switching to .textContent ensures that any string passed is treated as literal text. This follows defense-in-depth principles by ensuring that even if configuration values were compromised or modified via external parameters, no script execution could occur.

Impact
Functionality: No impact on existing UI. Current messages are plain text and render identically with textContent.

Security: Eliminates the XSS risk associated with this function.

Testing Administered
Manual Verification: Verified the call-termination screen. "Thank You" and "Hint" messages render correctly.

Security Test: Confirmed that passing a string with HTML tags results in the tags being escaped/rendered as text rather than being executed by the browser.
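The before/after behaviour the PR describes, as an added example that is not jitsi-meet's own code. Node has no DOM, so the block carries a small stand-in element that records what a browser's HTML parser would do on assignment: `innerHTML` parses markup into child elements, `textContent` never does and serializes back with `<`, `>` and `&` escaped. The real `insertTextMsg` signature in `static/close.js` is not shown on the page; the `(element, message)` shape used here is an assumption, and the message strings are constructed input.

```javascript
// Added example, not code from jitsi-meet. Models the change from the PR:
// the same function with innerHTML as its sink (before) and textContent (after).
// The (element, message) signature is an assumption; close.js is not on the page.

// Escaping a browser applies when it serializes a text node back to HTML.
function escapeHtml(s) {
  return s.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

// Minimal stand-in for a DOM element (Node has no DOM). It only tracks the
// property that matters for this review: were any elements created from the
// string, and what text ends up visible.
class FakeElement {
  constructor() {
    this.childTags = []; // tag names the HTML parser would have turned into child elements
    this._text = '';
    this._html = '';
  }
  set innerHTML(markup) {
    // Crude tag scan standing in for the HTML parser: every "<name" becomes a child element.
    this.childTags = [...markup.matchAll(/<([a-zA-Z][\w-]*)/g)].map(m => m[1].toLowerCase());
    this._html = markup;
    this._text = markup.replace(/<[^>]*>/g, ''); // text the user would see
  }
  get innerHTML() { return this._html; }
  set textContent(text) {
    this.childTags = [];            // no parsing: no element is ever created
    this._text = text;              // the string is shown literally, tags included
    this._html = escapeHtml(text);  // how the browser serializes that text node
  }
  get textContent() { return this._text; }
}

// Before the PR: the message string is an HTML sink (DOM XSS if it is ever attacker-influenced).
function insertTextMsgVulnerable(el, message) {
  el.innerHTML = message;
}

// After the PR: the message becomes a literal text node, whatever it contains.
function insertTextMsgFixed(el, message) {
  el.textContent = message;
}

// Runs both versions over the same input and returns what a reviewer checks:
// elements created, visible text, and (for the fix) the escaped serialization.
function compare(message) {
  const before = new FakeElement();
  insertTextMsgVulnerable(before, message);
  const after = new FakeElement();
  insertTextMsgFixed(after, message);
  return {
    before: { elementsCreated: before.childTags, visibleText: before.textContent },
    after: {
      elementsCreated: after.childTags,
      visibleText: after.textContent,
      serialized: after.innerHTML,
    },
  };
}

const SAMPLE = 'Thank you <b>for joining</b>'; // constructed message carrying markup
const TRUSTED = 'Jitsi Meet';                  // constructed plain string, like APP_NAME

// Markup input: the old sink builds a <b> element, the fix shows the tags as text.
console.log(JSON.stringify(compare(SAMPLE), null, 2));
// Plain input: both versions render the same text, which is the "no UI impact" claim.
console.log(JSON.stringify(compare(TRUSTED), null, 2));
```

The second `compare` call is the functional check from the PR: for a plain string such as the app name both properties produce identical visible text, so the hardening costs nothing in rendering.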

root and others added 2 commits February 13, 2026 10:06
@jitsi-jenkins

Hi, thanks for your contribution!
If you haven't already done so, could you please make sure you sign our CLA (https://jitsi.org/icla for individuals and https://jitsi.org/ccla for corporations)? We would unfortunately be unable to merge your patch unless we have that piece :(.

@saghul saghul merged commit 56f7792 into jitsi:master Feb 13, 2026
9 checks passed

3 participants