Before this commit:
`lxml.html.clean.Cleaner` striped all ARIA attributes (e.g., aria-label, aria-hidden, role) by default.
This is because they were not included in the "safe attributes" whitelist.

This behavior caused sanitized HTML to lose semantic meaning for assistive technologies
(screen readers), making the output non-compliant with WCAG standards.

After this commit:
ARIA attributes are added to `defs.safe_attrs` so the Cleaner will no longer filter them out.
This change ensures that developers using lxml for sanitization will not accidentally strip
accessibility features while maintaining protection against XSS.

Closes https://bugs.launchpad.net/bugs/2136144