FIX: use allowlist and blocklist terminology (#10209)

This is a PR of the renaming whitelist to allowlist and blacklist to the blocklist.

spec/lib/content_security_policy_spec.rb

@@ -66,7 +66,7 @@ describe ContentSecurityPolicy do
       expect(script_srcs).to include("'report-sample'")
     end
 
-    it 'whitelists Google Analytics and Tag Manager when integrated' do
+    it 'allowlists Google Analytics and Tag Manager when integrated' do
       SiteSetting.ga_universal_tracking_code = 'UA-12345678-9'
       SiteSetting.gtm_container_id = 'GTM-ABCDEF'
 
@@ -75,7 +75,7 @@ describe ContentSecurityPolicy do
       expect(script_srcs).to include('https://www.googletagmanager.com/gtm.js')
     end
 
-    it 'whitelists CDN assets when integrated' do
+    it 'allowlists CDN assets when integrated' do
       set_cdn_url('https://cdn.com')
 
       script_srcs = parse(policy)['script-src']

spec/lib/upload_creator_spec.rb

@@ -402,7 +402,7 @@ RSpec.describe UploadCreator do
     end
   end
 
-  describe '#whitelist_svg!' do
+  describe '#clean_svg!' do
     let(:b64) do
       Base64.encode64('<svg onmouseover="alert(alert)" />')
     end
@@ -428,7 +428,7 @@ RSpec.describe UploadCreator do
 
     it 'removes event handlers' do
       begin
-        UploadCreator.new(file, 'file.svg').whitelist_svg!
+        UploadCreator.new(file, 'file.svg').clean_svg!
         file_content = file.read
         expect(file_content).not_to include('onload')
         expect(file_content).to include('#pathdef')