feat(scanner): add HTML entity resolution in SimpleHTMLScanner

[marevol]

Summary

Implements HTML character entity resolution directly in SimpleHTMLScanner, decoding entities in both text content and attribute values during parsing.

Changes Made

• Added resolveEntities(String text) and resolveEntities(String text, boolean inAttribute) methods to SimpleHTMLScanner
• Added static ENTITY_PATTERN regex covering decimal (Ö), hex (Ö), and named (Ö) entity references with optional trailing semicolons
• Added resolveCodePoint() helper that replaces invalid/noncharacter code points with U+FFFD per the HTML5 spec
• Text content: entities are always resolved before dispatching characters() events
• Attribute values: semicolon-less named entities followed by [A-Za-z0-9=] are intentionally left unresolved to avoid corrupting URLs (e.g. &not=, &copy=)
• Updated all affected tests to expect correctly entity-resolved output

Testing

• Existing test suite updated to reflect resolved entity output
• Tests cover numeric decimal/hex entities, named entities, edge cases (null char, surrogates, out-of-Unicode-range, XML-illegal chars, Unicode noncharacters)

Breaking Changes

• Text content and attribute values that previously contained literal &...; sequences will now be emitted as their decoded Unicode equivalents. Consumers relying on raw entity text in SAX events will need to re-evaluate, but this aligns with correct HTML parsing behavior.

Additional Notes

• Uses HTMLEntities.get() for named entity lookup — no new dependencies introduced
• Attribute context handling follows the HTML5 tokenizer attribute value state spec to avoid false positives on query strings and URL parameters