@iamgio (Owner) commented Jul 14, 2025

This PR introduces the capability to override the default font families.

Font configuration can be applied via .font through its main, heading and code parameters.

A font can be loaded from any of the following sources:

  • From file (e.g. path/to/font.ttf)
  • From URL (e.g. https://example.com/font.ttf)
  • From system fonts (e.g. Arial, Times New Roman)
  • From Google Fonts (e.g. GoogleFonts:Roboto).

Font resources are processed by the media storage.
This means, for instance, HTML output will carry local fonts into the output directory for increased portability.

As for security concerns, the compiler won't interact with remote fonts, but rather just let them go through until the post-processor can bundle them into the final output. This means a font loaded from Google Fonts or a remote URL will be fetched remotely at runtime by the browser, as long as the media storage system is turned off for remote resources (which is the case for the HTML target).

@iamgio added the enhancement label Jul 14, 2025

@iamgio (Owner, Author) commented Jul 14, 2025

@alerque I coincidentally stumbled across your comment against the integration of Google Fonts in Typst. Since the use case via HTML is a bit different here and the font is not downloaded directly by the compiler but rather delegated to the browser, I would say this doesn't imply any security or privacy concerns. Do you agree?

@iamgio merged commit 77e11dd into main Jul 14, 2025
3 checks passed

@alerque (Contributor) commented Jul 14, 2025

Typst actually has a security model and a goal of being able to run on untrusted content without leaving a gaping security hole (including data exfiltration). As far as I can tell Quarkdown is not even remotely close to anything of the kind and there are several layers that are completely "compromised". You're reliant on a headless Chromium instance anyway, and even the browser sandboxing is compromised since it is being fed local supposedly trusted content. I don't think denying remote font loading would be anything more than a bandaid on a femoral artery bleed in either the privacy or security departments.

@iamgio linked an issue Jul 21, 2025 that may be closed by this pull request
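
An added example, not part of this PR or of Quarkdown's code: a small audit that lists the remote stylesheet and font URLs a generated HTML file would make the browser fetch at load time, which is the runtime behaviour the PR description attributes to Google Fonts and remote-URL fonts. The sample markup is constructed for illustration and is an assumption about what such output could look like.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample; the markup Quarkdown actually emits may differ.
SAMPLE = """<html><head>
<link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Roboto">
<link rel="stylesheet" href="theme/global.css">
<style>
@font-face { font-family: "Body"; src: url("media/font.ttf") format("truetype"); }
@font-face { font-family: "Code"; src: url(https://example.com/font.ttf); }
</style></head><body></body></html>"""

FONT_FACE = re.compile(r"@font-face\s*\{([^}]*)\}", re.I)
CSS_URL = re.compile(r"""url\(\s*['"]?([^'")\s]+)""", re.I)
CSS_IMPORT = re.compile(r"""@import\s+(?:url\(\s*)?['"]?([^'")\s;]+)""", re.I)

def is_remote(ref):  # http(s) and protocol-relative refs leave the output directory
    return ref.startswith("//") or urlparse(ref).scheme in ("http", "https")

def remote_refs_in_css(css):
    """Remote font files in @font-face blocks plus remote @import stylesheets."""
    refs = [u for block in FONT_FACE.findall(css) for u in CSS_URL.findall(block)]
    return [r for r in refs + CSS_IMPORT.findall(css) if is_remote(r)]

class FontAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.remote, self._css = [], None  # _css buffers text inside <style>
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "link" and "stylesheet" in (a.get("rel") or "").lower().split():
            if is_remote(a.get("href") or ""):
                self.remote.append(a["href"])
        elif tag == "style":
            self._css = []
    def handle_data(self, data):
        if self._css is not None:
            self._css.append(data)
    def handle_endtag(self, tag):
        if tag == "style" and self._css is not None:
            self.remote += remote_refs_in_css("".join(self._css))
            self._css = None

def audit_html(html):
    """Every remote stylesheet or font URL the browser would fetch on load."""
    parser = FontAudit()
    parser.feed(html)
    return parser.remote
```

An empty result from `audit_html` means the checked file references only bundled or system fonts through the paths this script inspects; externally linked local stylesheets are not followed.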
Successfully merging this pull request may close these issues.

  • Enhancement: custom fonts
  • Request: Advanced Font Configuration Options (Custom Fonts, Weight, Line Height, etc.)