fix: [security] stored XSS in the correlation top list

- if an attribute with an XSS payload as its value ends up being in the top list of correlations, then an administrator viewing the top correlations would execute the XSS

- as reported by Grzegorz Misiun

app/View/Elements/genericElements/IndexTable/Fields/postlink.ctp

@@ -57,5 +57,5 @@
         '%s<a href="#" onclick="event.preventDefault(); %s">%s</a>',
         $form,
         $onclick,
-        $text
+        h($text)
     );