…DOMElement or DOMAttr

Before, this was on the 'save_post' action.
But as Weston mentioned,
this could be in one place,
and this removes the need for a nonce.
Also, remove the function is_authorized().
This checked for a nonce.
Replace this with the existing has_cap().

Because 'wpautop' runs on 'the_content',
process_markup() showed errors from removing <p> tags.
For example, it created this markup:
<p><script async src=https://example.com/script></script></p>
It seemed to have removed the <p> tag,
As it contained a disallowed element.
But it's not needed to report that the <p> is removed.
So remove 'wpautop' as a callback for 'the_content.'
Gutenberg also does this, unless the post has no block.
@see gutenberg_wpautop().

Instead of wrapping the 'invalid_callback' in this,
simply exist process_markup().
If that callback isn't added,
there's no need for the rest of the function.