Added rel="noopener noreferrer" to all target=_blank

[nyurik]

I'm not sure the rel attribute is needed for these cases, so to review, creating this PR.
This was mentioned to me at #15014 (comment)

[timroes]

You will need to update the snapshots for the tests for this to pass, by running node scripts/jest -u.

Also I wonder, whether we could solve this in KuiLink(Button) directly maybe? @cjcenizal do you think we could add rel="noopener noreferrer" to all links, that have target="_blank" automatically?

[cjcenizal]

@timroes Yes I agree that we should do this at the component level, since it's a security concern. @nyurik Would you mind making this change to the relevant components so that all links with target="_bank" also get rel="noopener noreferrer"? And could you add the link I shared as a comment so people who read the code understand the rationale?

[nyurik]

@cjcenizal I'm not very familiar with that code - could you give me a link to where this would be implemented?

[cjcenizal]

@nyurik Sure, it's here: https://github.com/elastic/kibana/blob/master/ui_framework/src/components/button/button.js#L123

We'll need to add the target propType and add a test to verify that the rel attribute is added when its value is _blank. Do you want to pair program on this?

[cjcenizal]

@nyurik I'm about to start work on this. Unless you've already started? I don't want to step on your toes. 😄

[nyurik]

@cjcenizal sorry, got sidetracked with some other projects :( I need to get a bunch of things ready for EON.

[cjcenizal]

No worries! I'll bang this out. Mind if I tag you as a reviewer?

[nyurik]

@cjcenizal I saw your patch, thx! Add me any time :)

[nyurik]

Should I abandon this patch?

[cjcenizal]

@nyurik Yes please close this. I think that because the KUI Framework has been deprecated, we don't need to worry about changing it as I suggested in #15949 (comment). I did a search and it looks like we're not using this component in conjunction with target="_blank".