See also I61c8f671273 in CentralAuth. For improved clarify, I'm
mostly replacing it with Html::element() rather than Html::input().
While at it:
* Fix incorrect docs that state the opposite of what
is true in Html::input. Especially confusing when coming from
Xml::input, as it implies that the behaviour is less secure, when
actually its the same (plain text, automatically escaped by
Html::element as any other attribute value).
* Make $attrs optional in Html::submitButton, like Xml::submitButton.
* Improve the Basic form rendering in RecentChanges/Watchlist to
build the two copies of the same inputs the exact same way,
and to do so without needless `<input id><label for>` complexity,
but instead wrap the label around the input.
Rendering is pixel-identical (verified in Firefox) and removes the
need to attach the same title="" attribute twice in the HTML output
(on both the input and the label element previously).
* As side-effect of this chnage, SpecialUserRights no longer
unexpectedly sets `class="mw-userrights-groupcheckbox"` on both
the checkbox `<input>` and on the `<label>`, something the
userrights.css stylesheet works around by narrowing the selector
to just `input.groupcheckbox` because otherwise it would never
be `:checked` since the label element is by definition never
checked. Yet another indication that the abstraction is a bad fit,
and yet people stuck with it well beyond even the narrow case where
it happens to work.
Change-Id: I33bf6ab5e013f046c5f31c6ceae118d6240c5294
436872b184