- Defect (Security)
- Resolution: Fixed
- Trivial
- 6.0.17, 6.4.2, 7.0.0alpha1
- Sprint 99 (Apr 2023), Sprint 100 (May 2023)
- 1
Currently, geomap configuration (Administration) allows using HTML in the attribution field. This should be changed in the following way:
1. Default providers should still have static attributions with HTML (but the attribution field shouldn't be shown). Users shouldn't be able to change attribution for default providers.
2. Custom providers should have the attribution field, but it should be rendered as text (no HTML support) and a hint about trusted sources should also be removed.
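An added example, not Zabbix code: one way to apply the two rules above when building the attribution string, assuming the map widget inserts that string as HTML. `DEFAULT_PROVIDERS`, `escapeHtml`, `resolveAttribution` and the sample provider entry are hypothetical names and constructed values.

```javascript
// Added example. Provider ids and attribution strings are constructed.

// Rule 1: built-in providers carry static HTML attribution shipped with the
// product. Nothing a user submits can replace it.
const DEFAULT_PROVIDERS = Object.freeze({
  'sample-tiles': Object.freeze({
    attributionHtml: '&copy; <a href="https://tiles.example/copyright">Sample Tiles</a>'
  })
});

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode user text so that an HTML sink displays it literally.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Returns the attribution to hand to the map widget and whether the
// configuration form should show an editable attribution field.
function resolveAttribution(config) {
  // Own-property check so ids such as "constructor" are treated as custom.
  const isDefault = Object.prototype.hasOwnProperty.call(DEFAULT_PROVIDERS, config.provider);
  if (isDefault) {
    // Any submitted attribution is ignored and the field stays hidden.
    return { html: DEFAULT_PROVIDERS[config.provider].attributionHtml, showField: false };
  }
  // Rule 2: custom providers keep the field, but its value is plain text.
  return { html: escapeHtml(config.attribution ?? ''), showField: true };
}
```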
- is duplicated by: ZBX-22981 Possibility to add html code into Geomap attribution field (CVE-2023-29452) (Closed)