Fix: Keep children of object tag
The HTML tag <object> optionally has embedded (child) tags that serve as an
alternative (fallback) HTML representation for the object. Of course, the
object and its parameters are considered harmful in HTML mail, but the
alternative representation is meant for exactly this kind of situation. They
should display the object contents without loading possibly insecure code.
- By ignoring <object> tags, roundcube also removes all their child nodes
- As <object> is not in the list of allowed $html_elements and <param> gets cleaned through $void_elements, they get ignored anyway, without removing the valuable child nodes.