build: Upgrade phan-taint-check-plugin from 1.5.x to 2.0.1
The method ReplaceTextUtils::link (which is already complicated because
it tries to support ancient MediaWiki) can perform different levels of
escaping depending on whether the HtmlArmor class exists. This is confusing
for taint-check and for humans, and can inevitably lead to errors. Plus
it's bad practice to have a method returning something with a variable
level of taintedness, especially if that depends on something ephemeral
like if a class exists or not.
Thus, the HtmlArmor part is removed, the text is escaped for Linker::link,
and the method now requires non-escaped HTML to be passed in.