sanitizeAsIdentifier

Sanitizes this string for use as a stable, anchor-like identifier:

• Strips characters that are problematic in CSS selectors and URL fragments (whitespace, quotes, angle brackets, ampersands).

• Ensures the result is not empty: an empty input becomes _.

• Ensures the result does not start with a digit by prepending _ when needed (see issue #86).

Shared between rendering-time HTML id generation and deduplication keying, so that two identifiers that sanitize to the same string are recognised as collisions before they reach the output.