Vikunja: Stored XSS via Unsanitized SVG Attachment Upload Leads to Token Exposure

Required for consent storage and core website behavior. These are always enabled.

Helps us understand site usage, performance, and session recordings with Google Analytics and PostHog.

Supports ad attribution, audience measurement, and the Intercom messenger with LinkedIn and any consent-aware tags managed through Google Tag Manager.